VYPR
Unrated severityNVD Advisory· Published Jan 23, 2007· Updated Jun 16, 2026

CVE-2007-0415

CVE-2007-0415

Description

BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.

Affected products

3
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:*:sp5:*:*:*:*:*:*range: <=8.1
    • (no CPE)range: <=8.1 SP5

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.