CVE

Id
8898  
CVE No.
CVE-2004-0470  
Status
Candidate  
Description
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.  
Phase
Assigned (20040513)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
56831 8898 CVE-2004-0470 CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp  View
56832 8898 CVE-2004-0470 CERT-VN:VU#950070  View
56833 8898 CVE-2004-0470 URL:http://www.kb.cert.org/vuls/id/950070  View
56834 8898 CVE-2004-0470 BID:10328  View
56835 8898 CVE-2004-0470 URL:http://www.securityfocus.com/bid/10328  View
56836 8898 CVE-2004-0470 OSVDB:6076  View
56837 8898 CVE-2004-0470 URL:http://www.osvdb.org/6076  View
56838 8898 CVE-2004-0470 SECTRACK:1010128  View
56839 8898 CVE-2004-0470 URL:http://securitytracker.com/id?1010128  View
56840 8898 CVE-2004-0470 SECUNIA:11593  View
56841 8898 CVE-2004-0470 URL:http://secunia.com/advisories/11593  View
56842 8898 CVE-2004-0470 XF:weblogic-application-unauth-access(16123)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
62842 JVNDB-2004-000184 BEA WebLogic Server における権限のないユーザがシャットダウン可能な脆弱性 BEA WebLogic Server には、WebLogic Server を起動/停止する権限を Admin および Operator のセキュリティロールを割り当てられているユーザの一部に制限した場合、この制限が正しく反映されない脆弱性が存在します。 CVE-2004-0471 8898 2.1 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000184.html  View