SecuritySpace - CVE-2004-0713

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2004-0713

Description: The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.

Test IDs: 1.3.6.1.4.1.25623.1.0.55679

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2004-0713
BugTraq ID: 10185
http://www.securityfocus.com/bid/10185
CERT/CC vulnerability note: VU#658878
http://www.kb.cert.org/vuls/id/658878
XForce ISS Database: weblogic-ejb-object-deletion(15928)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15928

CVE ID:	CVE-2004-0713
Description:	The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
Test IDs:	1.3.6.1.4.1.25623.1.0.55679
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0713 BugTraq ID: 10185 http://www.securityfocus.com/bid/10185 CERT/CC vulnerability note: VU#658878 http://www.kb.cert.org/vuls/id/658878 XForce ISS Database: weblogic-ejb-object-deletion(15928) https://exchange.xforce.ibmcloud.com/vulnerabilities/15928