CVE-2005-4760 | Vulnerability Database | Aqua Security

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being fully protected.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	7.0 (including)	7.0 (including)
Weblogic_server	Bea	7.0-sp1 (including)	7.0-sp1 (including)
Weblogic_server	Bea	7.0-sp2 (including)	7.0-sp2 (including)
Weblogic_server	Bea	7.0-sp3 (including)	7.0-sp3 (including)
Weblogic_server	Bea	7.0-sp4 (including)	7.0-sp4 (including)
Weblogic_server	Bea	7.0-sp5 (including)	7.0-sp5 (including)
Weblogic_server	Bea	8.1 (including)	8.1 (including)
Weblogic_server	Bea	8.1-sp1 (including)	8.1-sp1 (including)
Weblogic_server	Bea	8.1-sp2 (including)	8.1-sp2 (including)
Weblogic_server	Bea	8.1-sp3 (including)	8.1-sp3 (including)

References

http://dev2dev.bea.com/pub/advisory/151
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4760
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html