CVE-2006-0432

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and WebLogic Express version 9.0

Description The issue arises when an administrator utilizes the WebLogic Administration Console to add custom security policies, resulting in the creation of incorrect policies. This prevents the server from properly protecting JNDI resources.

Recommendations For BEA WebLogic Server and WebLogic Express version 9.0, ensure that custom security policies are carefully reviewed and tested after creation to prevent incorrect policies from being applied, and consider seeking guidance from the vendor on proper policy configuration to protect JNDI resources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.