SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   AquaLogic Service Bus
Vendors:   BEA Systems
BEA AquaLogic Service Bus Lets Remote Users Bypass Security Checks in Certain Cases
SecurityTracker Alert ID:  1017523
SecurityTracker URL:  http://securitytracker.com/id/1017523
CVE Reference:   CVE-2007-0432
Updated:  May 19 2008
Original Entry Date:  Jan 17 2007
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.0, 2.1, 2.5
Description:   A vulnerability was reported in AquaLogic Service Bus. A remote user can bypass security policies in certain cases.

Certain authorization checks may not be properly enforced by the AquaLogic Service Bus proxy services. A remote user can send specially crafted messages to bypass policies defined by the AquaLogic Service Bus administrator.

Only specific configurations are affected. However, the vendor did not indicate which configurations are affected.

Impact:   A remote user can bypass some authorization checks.
Solution:   The vendor has issued patches for versions 2.1 and 2.5.

Version 2.6 will include the fix.

The BEA advisory is available at:

http://dev2dev.bea.com/pub/advisory/224

Vendor URL:  dev2dev.bea.com/pub/advisory/224
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC