CVE-2004-0471
First published: Thu May 20 2004(Updated: )
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0471?
CVE-2004-0471 is classified as a high severity vulnerability due to its potential to allow unauthorized users to shut down servers.
How do I fix CVE-2004-0471?
To fix CVE-2004-0471, apply the latest patches provided by Oracle for WebLogic Server versions 7.0 and 8.1.
Which versions are affected by CVE-2004-0471?
CVE-2004-0471 affects BEA WebLogic Server and WebLogic Express versions 7.0 through SP5 and 8.1 through SP2.
What is the impact of CVE-2004-0471?
The impact of CVE-2004-0471 is a denial of service which allows unauthorized users to stop server operations.
Who is at risk from CVE-2004-0471?
Organizations using BEA WebLogic Server or WebLogic Express without the recent security updates are at risk from CVE-2004-0471.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1
- version/oracle weblogic server/7.0