CVE-2007-2696

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.

Published: May 16, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2696
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	6.1-sp4	6.1-sp4.x
bea / weblogic_server	8.1	8.1.x
bea / weblogic_server	6.1-sp5	6.1-sp5.x
bea / weblogic_server	6.1-sp6	6.1-sp6.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	7.0	7.0.x
bea / weblogic_server	6.1-sp3	6.1-sp3.x
bea / weblogic_server	7.0-sp6	7.0-sp6.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp5	8.1-sp5.x
bea / weblogic_server	8.1-sp3	8.1-sp3.x
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	6.1-sp1	6.1-sp1.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	6.1	6.1.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	8.1-sp4	8.1-sp4.x
bea / weblogic_server	6.1-sp2	6.1-sp2.x
bea / weblogic_server	6.1-sp7	6.1-sp7.x

Vulnerability Database

289,599

CVE-2007-2696