VYPR
Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Jun 16, 2026

CVE-2005-4760

CVE-2005-4760

Description

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • Bea/WebLogic Server21 versions
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
    • (no CPE)range: <=8.1 SP3, <=7.0 SP5
  • Range: <=8.1 SP3, <=7.0 SP5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.