CVE-2002-2141

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2141
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x

http://dev2dev.bea.com/pub/advisory/39
http://www.iss.net/security_center/static/10291.php
http://www.securityfocus.com/bid/5846

Vulnerability Database

289,599

CVE-2002-2141