CVE-2007-2696
First published: Wed May 16 2007(Updated: )
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-2696?
The severity of CVE-2007-2696 is considered critical due to its potential for unauthorized access to protected JMS queues.
How do I fix CVE-2007-2696?
To fix CVE-2007-2696, update your BEA WebLogic Server to a version that is not vulnerable, specifically beyond SP7 for versions 6.1, beyond SP6 for version 7.0, and beyond SP5 for version 8.1.
What systems are affected by CVE-2007-2696?
CVE-2007-2696 affects BEA WebLogic Server versions 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5.
What types of attacks are possible with CVE-2007-2696?
Attackers can exploit CVE-2007-2696 to remotely access and manage protected JMS queues by bypassing security policies.
Is there a workaround for CVE-2007-2696 while waiting for a patch?
While an official workaround is not specified, restricting access to the JMS server and implementing additional network security measures can help mitigate risks.
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/description
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/6.1-sp4
- version/oracle weblogic server/8.1
- version/oracle weblogic server/6.1-sp5
- version/oracle weblogic server/6.1-sp6
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/7.0
- version/oracle weblogic server/6.1-sp3
- version/oracle weblogic server/7.0-sp6
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/8.1-sp5
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/6.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/6.1
- version/oracle weblogic server/7.0-sp1
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/6.1-sp2
- version/oracle weblogic server/6.1-sp7