CVE-2004-2696

Sažetak

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Reference

http://dev2dev.bea.com/pub/advisory/59
http://secunia.com/advisories/11865
http://securitytracker.com/id?1010493
http://www.osvdb.org/7081
http://www.securityfocus.com/bid/10545
https://exchange.xforce.ibmcloud.com/vulnerabilities/16421

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

29-07-2017 - 01:29

Objavljeno

31-12-2004 - 05:00