CVE-2005-1744

CRITICAL

BEA WebLogic Server & WebLogic Express 7.0-5 - Info Disclosure

Title source: llm

Description

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

References (5)

[Broken Link] http://www.vupen.com/english/advisories/2005/0604

[Broken Link, Vendor Advisory] http://secunia.com/advisories/15486

[Product] http://dev2dev.bea.com/pub/advisory/127

[Broken Link, Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014049

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13717

Scores

CVSS v3 9.8

EPSS 0.0073

EPSS Percentile 72.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-459

Status published

Products (1)

bea/weblogic_server < 7.0

Published May 24, 2005

Tracked Since Feb 18, 2026