Vulnerabilities > CVE-2004-1755 - Privilege Escalation vulnerability in BEA WebLogic Server and Express SSL Client

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

bea

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 7.0	15

References

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp
http://secunia.com/advisories/10725
http://www.kb.cert.org/vuls/id/858990
http://www.securityfocus.com/bid/9502
https://exchange.xforce.ibmcloud.com/vulnerabilities/15826