CVE-2007-0426

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 23 January 2007

Summary

BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.

References

http://secunia.com/advisories/23750

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22082

vdb-entryx_refsource_BID

http://securitytracker.com/id?1017521

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 23, 2007
Vulnerability Reserved
Jan 22, 2007