CVE Vulnerabilities

CVE-2007-2696

Published: May 16, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 6.1 (including) 6.1 (including)
Weblogic_server Bea 6.1-sp1 (including) 6.1-sp1 (including)
Weblogic_server Bea 6.1-sp2 (including) 6.1-sp2 (including)
Weblogic_server Bea 6.1-sp3 (including) 6.1-sp3 (including)
Weblogic_server Bea 6.1-sp4 (including) 6.1-sp4 (including)
Weblogic_server Bea 6.1-sp5 (including) 6.1-sp5 (including)
Weblogic_server Bea 6.1-sp6 (including) 6.1-sp6 (including)
Weblogic_server Bea 6.1-sp7 (including) 6.1-sp7 (including)
Weblogic_server Bea 7.0 (including) 7.0 (including)
Weblogic_server Bea 7.0-sp1 (including) 7.0-sp1 (including)
Weblogic_server Bea 7.0-sp2 (including) 7.0-sp2 (including)
Weblogic_server Bea 7.0-sp3 (including) 7.0-sp3 (including)
Weblogic_server Bea 7.0-sp4 (including) 7.0-sp4 (including)
Weblogic_server Bea 7.0-sp5 (including) 7.0-sp5 (including)
Weblogic_server Bea 7.0-sp6 (including) 7.0-sp6 (including)
Weblogic_server Bea 8.1 (including) 8.1 (including)
Weblogic_server Bea 8.1-sp1 (including) 8.1-sp1 (including)
Weblogic_server Bea 8.1-sp2 (including) 8.1-sp2 (including)
Weblogic_server Bea 8.1-sp3 (including) 8.1-sp3 (including)
Weblogic_server Bea 8.1-sp4 (including) 8.1-sp4 (including)
Weblogic_server Bea 8.1-sp5 (including) 8.1-sp5 (including)

References