Vulnerabilities > CVE-2005-1744 - Incomplete Cleanup vulnerability in BEA Weblogic Server

CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
bea
CWE-459
critical
nessus

Summary

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do not log out users when an application is redeployed. Those users can continue to access the application without logging in again, which may violate newly changed security constraints or role mappings.

Common Weakness Enumeration (CWE)

Nessus

NASL family: Web Servers
NASL id: BEA_81SP4_MULT_VULNS.NASL
description: According to its banner, the remote host is running a version of BEA WebLogic Server or WebLogic Express that is prone to multiple vulnerabilities. These flaws could lead to buffer overflows, denial of service, unauthorized access, cross-site scripting attacks, and information disclosure.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18365
published: 2005-05-24
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18365
title: BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Plugin registration. When the engine loads the script in "description"
# mode it only records the metadata below and leaves before any network
# activity takes place.
if (description)
{
  # Identity of the plugin.
  script_id(18365);
  script_version("1.26");

  # One plugin covers the whole batch of BEA advisories, so a single finding
  # maps to several CVE / Bugtraq identifiers rather than to one specific flaw.
  script_cve_id("CVE-2005-1380", "CVE-2005-1742", "CVE-2005-1743", "CVE-2005-1744",
                "CVE-2005-1745", "CVE-2005-1746", "CVE-2005-1747", "CVE-2005-1748", "CVE-2005-1749");
  script_bugtraq_id(12548, 13400, 13717, 13793, 13794, 14632, 14657);

  script_name(english:"BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)");

  # Text shown in the scan report.
  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple flaws." );
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of BEA
WebLogic Server or WebLogic Express that is prone to multiple
vulnerabilities.  These flaws could lead to buffer overflows, denial
of service, unauthorized access, cross-site scripting attacks, and
information disclosure." );

  # Archived copies of the vendor advisories the version ranges come from.
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133850/dev2dev.bea.com/pub/advisory/125" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20061017121059/http://dev2dev.bea.com/pub/advisory/126" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133831/http://dev2dev.bea.com:80/pub/advisory/127" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133900/http://dev2dev.bea.com:80/pub/advisory/128" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133820/http://dev2dev.bea.com:80/pub/advisory/129" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070404224518/dev2dev.bea.com/pub/advisory/130" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070427111447/http://dev2dev.bea.com:80/pub/advisory/132" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070211133652/http://dev2dev.bea.com:80/pub/advisory/135" );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20070207142547/http://dev2dev.bea.com:80/pub/advisory/137" );

  script_set_attribute(attribute:"solution", value:
"Upgrade to the appropriate Service Pack as discussed in the vendor
advisories referenced above." );

  # Risk rating for the combined finding, expressed as CVSS v2 vectors.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Dates and plugin type.
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/24");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/25");
  script_cvs_date("Date: 2018/11/15 20:50:25");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_summary(english:"Checks for multiple vulnerabilities in BEA WebLogic <= 8.1 SP4");

  # Registered as an information-gathering check: the script body only reads
  # the HTTP banner and sends nothing aimed at the flaws themselves.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

  # Scheduling hints: depends on http_version.nasl and names the web service
  # KB entry / port 80 as the ports it needs.
  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


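# Pick the web server port to examine (80 when nothing else is known).
port = get_http_port(default:80);

# Detection is banner-only. A host whose banner is suppressed or rewritten
# produces no result, and a positive result says only that the advertised
# version falls inside the advisory ranges below -- not which of the CVEs
# listed in the description block actually apply.
banner = get_http_banner(port:port);
if (!banner || "WebLogic " >!< banner) exit(0);

# Server header carrying a dotted version number followed by a space.
# NOTE(review): the ".*" in front of the capture group is greedy, so a
# multi-digit major version is presumably captured without its leading
# digit(s) -- confirm before reusing this pattern for newer releases.
pat = "^Server:.*WebLogic .*([0-9]+\.[0-9.]+) ";
matches = egrep(pattern:pat, string:banner);
if (matches) {
  foreach match (split(matches, keep:FALSE)) {
    ver = eregmatch(pattern:pat, string:match);
    if (!isnull(ver)) {
      # Extract the major and minor version numbers.
      nums = split(ver[1], sep:".", keep:FALSE);
      ver_maj = int(nums[0]);
      ver_min = int(nums[1]);

      # Extract the service pack number. Start from 0 and override it only
      # when a "Service Pack N" / "SPN" token is really present, so a line
      # without one never hands non-numeric text to int(). No trailing text
      # is required after the number, so a service pack at the very end of
      # the header is still read instead of being treated as "no service
      # pack" (which would report a patched host as affected).
      sp = 0;
      sp_match = eregmatch(pattern:" (Service Pack |SP)([0-9]+)", string:match);
      if (!isnull(sp_match)) sp = int(sp_match[2]);

      # Check them against vulnerable versions listed in BEA's advisories.
      if (
        # version 6.x: anything before 6.1, or 6.1 up to SP7
        (
          ver_maj == 6 &&
          (
            ver_min < 1 ||
            (ver_min == 1 && sp <= 7)
          )
        ) ||

        # version 7.x: 7.0 up to SP6
        (ver_maj == 7 && (ver_min == 0 && sp <= 6)) ||

        # version 8.x: anything before 8.1, or 8.1 up to SP4
        (
          ver_maj == 8 &&
          (
            ver_min < 1 ||
            (ver_min == 1 && sp <= 4)
          )
        )
      ) {
        security_hole(port);
        # Record the XSS exposure for this port in the knowledge base.
        set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
      }
      # Only the first Server line that yields a version is evaluated.
      exit(0);
    }
  }
}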