Vulnerabilities > CVE-2007-0432 - Unspecified vulnerability in BEA Aqualogic Service BUS 2.0/2.1/2.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

NVD

Published: 2007-01-23

Updated: 2024-11-21

Summary

BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Aqualogic Service BUS 2.0 BEA Aqualogic Service BUS 2.1 BEA Aqualogic Service BUS 2.5	3

References

http://dev2dev.bea.com/pub/advisory/224
http://dev2dev.bea.com/pub/advisory/224
http://osvdb.org/32862
http://osvdb.org/32862
http://secunia.com/advisories/23786
http://secunia.com/advisories/23786
http://securitytracker.com/id?1017523
http://securitytracker.com/id?1017523
http://www.securityfocus.com/bid/22082
http://www.securityfocus.com/bid/22082