CVE-2007-2701 - Security Bypass vulnerability in BEA Weblogic Server 7.0/8.1
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." The vendor has released a product update to address this issue: ftp://anonymous:dev2dev%[email protected]/pub/releases/security/CR281022_81sp6_rarfiles.jar
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 14 |