CVE-2005-1744
CRITICALBEA WebLogic Server & WebLogic Express 7.0-5 - Info Disclosure
Title source: llmDescription
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
References (5)
Core 5
Core References
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0604
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15486
Product vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/127
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014049
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13717
Scores
CVSS v3
9.8
EPSS
0.0214
EPSS Percentile
79.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-459
Status
published
Products (1)
bea/weblogic_server
< 7.0
Published
May 24, 2005
Tracked Since
Feb 18, 2026