Vulnerabilities > CVE-2004-0471 - Denial of Service vulnerability in BEA Weblogic Server 7.0/8.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

bea

NVD

Published: 2004-07-07

Updated: 2017-07-11

Summary

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	4

References

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp
http://secunia.com/advisories/11594
http://securitytracker.com/id?1010129
http://www.osvdb.org/6077
http://www.securityfocus.com/bid/10327
https://exchange.xforce.ibmcloud.com/vulnerabilities/16121