CVE-2007-0416 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2007-0416

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	9.0 (including)	9.0 (including)
Weblogic_server	Bea	9.1 (including)	9.1 (including)

References

http://dev2dev.bea.com/pub/advisory/210
http://osvdb.org/38510
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://dev2dev.bea.com/pub/advisory/210
http://osvdb.org/38510
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213