Vulnerabilities > CVE-2007-0415 - Unspecified vulnerability in BEA Weblogic Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

NVD

Published: 2007-01-23

Updated: 2024-11-21

Summary

BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 5.1 BEA Weblogic Server 6.1 BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	12

References

http://dev2dev.bea.com/pub/advisory/209
http://dev2dev.bea.com/pub/advisory/209
http://osvdb.org/38509
http://osvdb.org/38509
http://secunia.com/advisories/23750
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://www.vupen.com/english/advisories/2007/0213