Category:   Application (Generic)  >   AquaLogic Service Bus
Vendors:   BEA Systems
BEA AquaLogic Service Bus Lets Remote Users Bypass Security Checks in Certain Cases
SecurityTracker Alert ID:  1017523
SecurityTracker URL:
CVE Reference:   CVE-2007-0432
Updated:  May 19 2008
Original Entry Date:  Jan 17 2007
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.0, 2.1, 2.5
Description:   A vulnerability was reported in AquaLogic Service Bus. A remote user can bypass security policies in certain cases.

Certain authorization checks may not be properly enforced by the AquaLogic Service Bus proxy services. A remote user can send specially crafted messages to bypass policies defined by the AquaLogic Service Bus administrator.

Only specific configurations are affected, but the vendor did not indicate which ones.

Impact:   A remote user can bypass some authorization checks.
Solution:   The vendor has issued patches for versions 2.1 and 2.5.

Version 2.6 will include the fix.

The BEA advisory is available at:

Vendor URL:
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
