PT-2007-1887 · Bea · Bea Weblogic Server

Published

2007-01-23

Updated

2011-03-08

CVE-2007-0416

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 9.0 through 9.1

Description The issue concerns the WSEE runtime in BEA WebLogic Server, where it fails to verify credentials when decrypting client messages. This allows remote attackers to bypass application security.

Recommendations For BEA WebLogic Server versions 9.0 through 9.1, update the WSEE runtime to a version that properly verifies credentials during the decryption of client messages.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0416

Affected Products

Bea Weblogic Server

PT-2007-1887 · Bea · Bea Weblogic Server

CVE-2007-0416

Related Identifiers

Affected Products

References · 8