CVE-2006-1358

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 22 March 2006

Summary

Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.

References

http://www.vupen.com/english/advisories/2006/1022

vdb-entryx_refsource_VUPEN

ftp://ftpna.beasys.com/pub/releases/security/patch_CR2595...

x_refsource_MISC

http://dev2dev.bea.com/pub/advisory/182

vendor-advisoryx_refsource_BEA

Timeline

Vulnerability published
Mar 22, 2006
Vulnerability Reserved
Mar 21, 2006