BEA WebLogic has been reported vulnerable to an authentication bypass under certain circumstances. When a BEA WebLogic web application component that implements session persistence is redistributed without a server reboot, an authenticated user session can, in some cases, be reused by any user for a variable period of time without valid credentials being required. This vulnerability may be exploited to gain access to the WebLogic server without prior authentication.