BEA WebLogic Server JMS security bypass

weblogic-jms-security-bypass (34284) The risk level is classified as MediumMedium Risk

Description:

The BEA WebLogic Server could allow a remote attacker to bypass security restrictions, caused by a vulnerability in the JMS service. A remote attacker could exploit this vulnerability to bypass JMS front-end protection and read or write messages from a protected queue from the JMS back-end server.

Platforms Affected:

  • BEA, WebLogic Server 6.1 SP3
  • BEA, WebLogic Server 6.1 SP4
  • BEA, WebLogic Server 6.1 SP5
  • BEA, WebLogic Server 6.1 SP6
  • BEA, WebLogic Server 6.1 SP7
  • BEA, WebLogic Server 6.1 SP2
  • BEA, WebLogic Server 6.1 SP1
  • BEA, WebLogic Server 6.1
  • BEA, WebLogic Server 7.0
  • BEA, WebLogic Server 7.0 SP7
  • BEA, WebLogic Server 7.0 SP6
  • BEA, WebLogic Server 7.0 SP3
  • BEA, WebLogic Server 7.0 SP4
  • BEA, WebLogic Server 7.0 SP5
  • BEA, WebLogic Server 7.0 SP2
  • BEA, WebLogic Server 7.0 SP1
  • BEA, WebLogic Server 8.1 SP2
  • BEA, WebLogic Server 8.1 SP4
  • BEA, WebLogic Server 8.1 SP5
  • BEA, WebLogic Server 8.1 SP3
  • BEA, WebLogic Server 8.1
  • BEA, WebLogic Server 8.1 SP1

Remedy:

Refer to BEA07-160.00 for patch and upgrade information. See References.

Consequences:

Bypass Security

References:

Reported:

May 15, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page