CVE-2005-4756 | Vulnerability Database | Aqua Security

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	7.0 (including)	7.0 (including)
Weblogic_server	Bea	7.0-sp1 (including)	7.0-sp1 (including)
Weblogic_server	Bea	7.0-sp2 (including)	7.0-sp2 (including)
Weblogic_server	Bea	7.0-sp3 (including)	7.0-sp3 (including)
Weblogic_server	Bea	7.0-sp4 (including)	7.0-sp4 (including)
Weblogic_server	Bea	7.0-sp5 (including)	7.0-sp5 (including)
Weblogic_server	Bea	8.1 (including)	8.1 (including)
Weblogic_server	Bea	8.1-sp1 (including)	8.1-sp1 (including)
Weblogic_server	Bea	8.1-sp2 (including)	8.1-sp2 (including)
Weblogic_server	Bea	8.1-sp3 (including)	8.1-sp3 (including)
Weblogic_server	Bea	8.1-sp4 (including)	8.1-sp4 (including)

References

http://dev2dev.bea.com/pub/advisory/146
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052
http://dev2dev.bea.com/pub/advisory/146
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4756
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html