Unrated severityNVD Advisory· Published Jul 7, 2004· Updated Jun 16, 2026
CVE-2004-0471
CVE-2004-0471
Description
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Affected products
6cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
- (no CPE)range: 7.0 - 7.0 SP5, 8.1 - 8.1 SP2
- Range: 7.0 - 7.0 SP5, 8.1 - 8.1 SP2
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.