The distributed queue feature in JMS in BEA WebLogic Server 9.0 up to and including 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 10.0 |
||
bea weblogic server 9.0 |
||
bea weblogic server 9.1 |
||
bea weblogic server 9.2 |