Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic Server/Express EJB对象删除远程拒绝服务漏洞
Vulnerability Description
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 WebLogic Server和WebLogic应用程序从一个EJB中调用remove()方法时存在问题,远程攻击者利用这个漏洞可以对依靠EJB的服务进行拒绝服务攻击。 漏洞发生在当应用程序调用EJB对象的remove()方法时,对此操作的调用者权限没有充分检查查,用户在没有恰当权限时也可以删除EJB,因此利用这个问题,可导致攻击者对那些调用EJB对象的应用服务进行拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A