Info

Disclosure

May 24, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

WebLogic Server contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the Active Directory LDAP server is used as an authentication database and a user account is disabled but not deleted. It is possible for the disabled user to log in to server with all of the privileges they had before, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, BEA Systems Inc has released a patch to address this vulnerability.

Products

BEA Systems, Inc.	WebLogic Server	8.1
		7.0

References

Security Tracker: 1014049
Secunia Advisory ID: 15486
Keyword: BEA05-72.01
Vendor Specific Advisory URL: http://dev2dev.bea.com/pub/advisory/16
Vendor URL: http://www.bea.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

BEA Systems, Inc.

WebLogic Server

References

Credit