CVE-2004-2696

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 5.5

EPSS Низкий

Описание

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*

EPSS

Процентиль: 68%

0.00582

Низкий

5.5 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-8924-w9cg-j6hh

github

почти 4 года назад