PT-2007-1885 · Bea · Bea Weblogic Server

Published: 2007-01-23 · Updated: 2011-03-08 · CVE-2007-0414

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 through 6.1 SP7
BEA WebLogic Server versions 7.0 through 7.0 SP6
BEA WebLogic Server versions 8.1 through 8.1 SP5
BEA WebLogic Server version 9.0

Description

The issue allows remote attackers to cause a denial of service, resulting in a server hang. This occurs when certain requests are made that cause muxer threads to block when processing error pages.

Recommendations

For BEA WebLogic Server versions 6.1 through 6.1 SP7, update the configuration to prevent muxer threads from blocking on error pages.
For BEA WebLogic Server versions 7.0 through 7.0 SP6, restrict access to error pages to minimize the risk of server hang.
For BEA WebLogic Server versions 8.1 through 8.1 SP5, consider implementing a workaround to handle error pages without blocking muxer threads.
For BEA WebLogic Server version 9.0, apply a configuration change to prevent the server from hanging when processing certain requests.

Fix


Related identifiers

CVE-2007-0414

Affected products

Bea Weblogic Server