Vulnerabilities > CVE-2007-0418 - Unspecified vulnerability in BEA Weblogic Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 23 |
References
- http://dev2dev.bea.com/pub/advisory/212
- http://dev2dev.bea.com/pub/advisory/212
- http://osvdb.org/38512
- http://osvdb.org/38512
- http://secunia.com/advisories/23750
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://www.vupen.com/english/advisories/2007/0213