CVE-2006-1352

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 8.1 SP4 and earlier BEA WebLogic Server versions 7.0 SP6 and earlier BEA WebLogic Server versions 6.1 SP7 and earlier BEA WebLogic Express versions 8.1 SP4 and earlier BEA WebLogic Express versions 7.0 SP6 and earlier BEA WebLogic Express versions 6.1 SP7 and earlier

Description The issue allows remote attackers to cause a denial of service, specifically memory exhaustion, by sending crafted non-canonicalized XML documents.

Recommendations For BEA WebLogic Server versions 8.1 SP4 and earlier, update to a version later than SP4 to resolve the issue. For BEA WebLogic Server versions 7.0 SP6 and earlier, update to a version later than SP6 to resolve the issue. For BEA WebLogic Server versions 6.1 SP7 and earlier, update to a version later than SP7 to resolve the issue. For BEA WebLogic Express versions 8.1 SP4 and earlier, update to a version later than SP4 to resolve the issue. For BEA WebLogic Express versions 7.0 SP6 and earlier, update to a version later than SP6 to resolve the issue. For BEA WebLogic Express versions 6.1 SP7 and earlier, update to a version later than SP7 to resolve the issue.