CVE-2004-0652
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
| Software | From | Fixed in |
|---|---|---|
| bea / weblogic_server | 8.1 | 8.1.x |
| bea / weblogic_server | 7.0-sp2 | 7.0-sp2.x |
| bea / weblogic_server | 7.0.0.1-sp4 | 7.0.0.1-sp4.x |
| bea / weblogic_server | 7.0-sp4 | 7.0-sp4.x |
| bea / weblogic_server | 7.0 | 7.0.x |
| bea / weblogic_server | 7.0.0.1-sp1 | 7.0.0.1-sp1.x |
| bea / weblogic_server | 7.0-sp3 | 7.0-sp3.x |
| bea / weblogic_server | 8.1-sp1 | 8.1-sp1.x |
| bea / weblogic_server | 7.0.0.1 | 7.0.0.1.x |
| bea / weblogic_server | 8.1-sp2 | 8.1-sp2.x |
| bea / weblogic_server | 7.0.0.1-sp3 | 7.0.0.1-sp3.x |
| bea / weblogic_server | 7.0-sp1 | 7.0-sp1.x |
| bea / weblogic_server | 7.0.0.1-sp2 | 7.0.0.1-sp2.x |
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime