Vulnerability Details CVE-2004-0652
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.3%
CVSS Severity
CVSS v2 Score 7.2
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
Products affected by CVE-2004-0652
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1