CVE-2005-1748
First published: Tue May 24 2005(Updated: )
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =6.0 | |
| Oracle WebLogic Server | =6.0 | |
| Oracle WebLogic Server | =6.0 | |
| Oracle WebLogic Server | =6.0-sp1 | |
| Oracle WebLogic Server | =6.0-sp1 | |
| Oracle WebLogic Server | =6.0-sp1 | |
| Oracle WebLogic Server | =6.0-sp2 | |
| Oracle WebLogic Server | =6.0-sp2 | |
| Oracle WebLogic Server | =6.0-sp2 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0.0.1 | |
| Oracle WebLogic Server | =7.0.0.1 | |
| Oracle WebLogic Server | =7.0.0.1 | |
| Oracle WebLogic Server | =7.0.0.1-sp1 | |
| Oracle WebLogic Server | =7.0.0.1-sp1 | |
| Oracle WebLogic Server | =7.0.0.1-sp1 | |
| Oracle WebLogic Server | =7.0.0.1-sp2 | |
| Oracle WebLogic Server | =7.0.0.1-sp2 | |
| Oracle WebLogic Server | =7.0.0.1-sp2 | |
| Oracle WebLogic Server | =7.0.0.1-sp3 | |
| Oracle WebLogic Server | =7.0.0.1-sp3 | |
| Oracle WebLogic Server | =7.0.0.1-sp4 | |
| Oracle WebLogic Server | =7.0.0.1-sp4 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| BEA WebLogic Portal | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-1748?
CVE-2005-1748 is considered a medium severity vulnerability that could allow unauthorized access to user data.
How do I fix CVE-2005-1748?
To fix CVE-2005-1748, ensure that anonymous binds are disabled on the embedded LDAP server in affected versions of BEA WebLogic Server.
Which versions of BEA WebLogic Server are affected by CVE-2005-1748?
CVE-2005-1748 affects BEA WebLogic Server versions 6.0, 7.0, and 8.1 up to Service Pack 4.
What kind of attacks can exploit CVE-2005-1748?
CVE-2005-1748 can be exploited to view user entries or may lead to a denial of service.
Is there a patch available for CVE-2005-1748?
Yes, a patch is available that disables anonymous binds for the affected versions of BEA WebLogic Server.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/6.0
- version/oracle weblogic server/6.0-sp1
- version/oracle weblogic server/6.0-sp2
- version/oracle weblogic server/6.1
- version/oracle weblogic server/6.1-sp1
- version/oracle weblogic server/6.1-sp2
- version/oracle weblogic server/6.1-sp3
- version/oracle weblogic server/6.1-sp4
- version/oracle weblogic server/6.1-sp5
- version/oracle weblogic server/6.1-sp6
- version/oracle weblogic server/7.0
- version/oracle weblogic server/7.0-sp1
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/7.0.0.1
- version/oracle weblogic server/7.0.0.1-sp1
- version/oracle weblogic server/7.0.0.1-sp2
- version/oracle weblogic server/7.0.0.1-sp3
- version/oracle weblogic server/7.0.0.1-sp4
- version/oracle weblogic server/8.1
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/8.1-sp4
- vendor/oracle
- canonical/bea weblogic portal
- version/bea weblogic portal/8.0