CRITICAL✓ PATCH🇬🇧 English

CVE-2005-1744

CVSS 9.8v3.1pub. 2005-05-24upd. 2026-04-16

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bea Weblogic Server

    APP
    Bea
    ≤ 7.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2008-3257HIGH10.0ten sam produkt

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic ...

CVE-2008-0901HIGH7.1ten sam produkt

BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guess...

CVE-2008-0897HIGH7.9ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "r...

CVE-2007-4618HIGH7.8ten sam produkt

Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote a...

CVE-2007-4614HIGH7.5ten sam produkt

BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log t...