PT-2008-2511 · Bea · Bea Weblogic Server

Published: 2008-02-22 · Updated: 2011-03-08 · CVE-2008-0897

CVSS v2.0: 7.9 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 9.0 through 10.0

Description

The issue allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.

Recommendations

For BEA WebLogic Server versions 9.0 through 10.0, consider restricting access to JMS Topic or secured Distributed Topic member destinations to prevent unauthorized message reception. As a temporary workaround, review and adjust permissions to ensure only authorized users have "receive" permissions.

Related Identifiers

CVE-2008-0897

Affected Products

Bea Weblogic Server