Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic Web应用程序验证可绕过漏洞
Vulnerability Description
BEA Systems WebLogic包含多种系统集成方案,包括Server/Express/Integration等。 BEA WebLogic Web应用程序组件实现的会话持续功能存在漏洞,远程攻击者利用这个漏洞未授权访问WebLogic服务器。 当应用程序包含的WEB应用程序组件使用"memory"会话持续没有通过重启服务器来重新配置,之前登录进WEB应用程序的用户就不需要验证再次访问,即使用户已经离最后一次访问很长时间也能进行登录。 只有使用WEB应用程序,"memory"会话持续和动态重配置(
CVSS Information
N/A
Vulnerability Type
N/A