PT-2007-1889 · Bea · Bea Weblogic Server

Published: 2007-01-23 · Updated: 2011-03-08 · CVE-2007-0418

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 7.0 through 7.0 SP6
BEA WebLogic Server versions 8.1 through 8.1 SP5
BEA WebLogic Server version 9.0
BEA WebLogic Server version 9.1

Description

The issue allows remote attackers to obtain unauthorized access to EJB methods with array parameters due to a lack of security policy enforcement.

Recommendations

For BEA WebLogic Server versions 7.0 through 7.0 SP6, consider implementing a security policy that declares permissions for EJB methods with array parameters.
For BEA WebLogic Server versions 8.1 through 8.1 SP5, consider implementing a security policy that declares permissions for EJB methods with array parameters.
For BEA WebLogic Server version 9.0, consider implementing a security policy that declares permissions for EJB methods with array parameters.
For BEA WebLogic Server version 9.1, consider implementing a security policy that declares permissions for EJB methods with array parameters.


Related identifiers

CVE-2007-0418

Affected products

Bea Weblogic Server