PT-2007-4013 · Bea · Bea Weblogic Server

Published: 2007-05-16 · Updated: 2017-07-29 · CVE-2007-2696

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 through SP7
BEA WebLogic Server versions 7.0 through SP6
BEA WebLogic Server versions 8.1 through SP5

Description

The issue concerns the JMS Server in BEA WebLogic Server, where security access policies are enforced only on the front end. Because the JMS back-end server does not re-check those policies, remote attackers can reach protected queues by sending requests directly to the JMS back-end server, bypassing the front-end access control.

Recommendations

For BEA WebLogic Server versions 6.1 through SP7, restrict direct access to the JMS back-end server to prevent exploitation.
For BEA WebLogic Server versions 7.0 through SP6, restrict direct access to the JMS back-end server to minimize the risk of unauthorized queue access.
For BEA WebLogic Server versions 8.1 through SP5, limit direct requests to the JMS back-end server as a temporary mitigation until a fix is available.

Related Identifiers

CVE-2007-2696

Affected Products

Bea Weblogic Server