The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote malicious users to cause a denial of service (cluster slowdown) via modified cookies.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 8.1 |
||
bea weblogic server 7.0 |
||
bea weblogic server 7.0.0.1 |
||
bea weblogic server 6.1 |
||
bea weblogic server 6.0 |
||
oracle weblogic portal 8.0 |