CVE-2005-1743
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/05/2005
Last modified:
03/04/2025
Description
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dev2dev.bea.com/pub/advisory/126
- http://secunia.com/advisories/15486
- http://securitytracker.com/id?1014049=
- http://www.securityfocus.com/bid/13717
- http://www.vupen.com/english/advisories/2005/0603
- http://dev2dev.bea.com/pub/advisory/126
- http://secunia.com/advisories/15486
- http://securitytracker.com/id?1014049=
- http://www.securityfocus.com/bid/13717
- http://www.vupen.com/english/advisories/2005/0603