CVE-2005-1748

The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.

Published: May 24, 2005
Updated: Nov 9, 2025
CVE: CVE-2005-1748
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	8.1-sp4	8.1-sp4.x
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	7.0.0.1-sp4	7.0.0.1-sp4.x
bea / weblogic_server	6.1-sp4	6.1-sp4.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	6.1-sp5	6.1-sp5.x
bea / weblogic_server	6.0-sp1	6.0-sp1.x
bea / weblogic_server	6.1-sp6	6.1-sp6.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	6.1-sp1	6.1-sp1.x
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	6.0	6.0.x
bea / weblogic_server	7.0.0.1-sp1	7.0.0.1-sp1.x
bea / weblogic_server	6.0-sp2	6.0-sp2.x
bea / weblogic_server	6.1-sp3	6.1-sp3.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	6.1-sp2	6.1-sp2.x
bea / weblogic_server	8.1-sp3	8.1-sp3.x
bea / weblogic_server	7.0.0.1	7.0.0.1.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	7.0.0.1-sp3	7.0.0.1-sp3.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x
bea / weblogic_server	7.0.0.1-sp2	7.0.0.1-sp2.x
oracle / weblogic_portal	8.0	8.0.x

Vulnerability Database

308,485

CVE-2005-1748

Deep Security Visibility Without the Complexity