VYPR
Unrated severityNVD Advisory· Published Jul 7, 2004· Updated Jun 16, 2026

CVE-2004-0471

CVE-2004-0471

Description

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

Affected products

6
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    • (no CPE)range: 7.0 - 7.0 SP5, 8.1 - 8.1 SP2
  • Range: 7.0 - 7.0 SP5, 8.1 - 8.1 SP2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.