Description
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010129
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10327
Patch, Vendor Advisory x_refsource_confirm
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/6077
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16121
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11594
Scores
EPSS
0.0006
EPSS Percentile
19.6%
Details
Status
published
Products (2)
bea/weblogic_server
7.0 (2 CPE variants)
bea/weblogic_server
8.1 (2 CPE variants)
Published
Jul 07, 2004
Tracked Since
Feb 18, 2026