Description
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
References (7)
Core 7
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10133
Various Sources x_refsource_confirm
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5296
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009766
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11359
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/352110
Scores
EPSS
0.0013
EPSS Percentile
32.1%
Details
Status
published
Products (3)
bea/weblogic_server
7.0 (15 CPE variants)
bea/weblogic_server
7.0.0.1 (13 CPE variants)
bea/weblogic_server
8.1 (9 CPE variants)
Published
Aug 06, 2004
Tracked Since
Feb 18, 2026