CGI abuses : WebLogic Server EJB Bean Removal Permissions

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55679

Categoría: CGI abuses

Título: WebLogic Server EJB Bean Removal Permissions

Resumen: NOSUMMARY

Descripción: Description:

CVE-2004-0713:
The remove method in a stateful Enterprise JavaBean (EJB)
in BEA WebLogic Server and WebLogic Express version 8.1
through SP2, 7.0 through SP4, and 6.1 through SP6, does
not properly check EJB permissions before unexporting a
bean, which allows remote authenticated users to remove
EJB objects from remote views before the security exception
is thrown.

Solution : Apply the latest service pack.
For 8.1, apply SP3
For 7.0, apply SP5
For 6.1, apply SP7
http://dev2dev.bea.com/pub/advisory/69

Risk factor : High

CVSS Score:
6.4

Referencia Cruzada: BugTraq ID: 10185
Common Vulnerability Exposure (CVE) ID: CVE-2004-0713
http://www.securityfocus.com/bid/10185
CERT/CC vulnerability note: VU#658878
http://www.kb.cert.org/vuls/id/658878
XForce ISS Database: weblogic-ejb-object-deletion(15928)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15928

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55679
Categoría:	CGI abuses
Título:	WebLogic Server EJB Bean Removal Permissions
Resumen:	NOSUMMARY
Descripción:	Description: CVE-2004-0713: The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. Solution : Apply the latest service pack. For 8.1, apply SP3 For 7.0, apply SP5 For 6.1, apply SP7 http://dev2dev.bea.com/pub/advisory/69 Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	BugTraq ID: 10185 Common Vulnerability Exposure (CVE) ID: CVE-2004-0713 http://www.securityfocus.com/bid/10185 CERT/CC vulnerability note: VU#658878 http://www.kb.cert.org/vuls/id/658878 XForce ISS Database: weblogic-ejb-object-deletion(15928) https://exchange.xforce.ibmcloud.com/vulnerabilities/15928
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com