BEA WebLogic Server/Express EJB Object Removal Denial Of Service Vulnerability
BEA has reported a vulnerability in both WebLogic Server and WebLogic Express that may result in unauthorized removal of EJB (Enterprise Java Bean) objects. The issue is reported to present itself when an application invokes a remove() method on an EJB. When this method is called, the EJB remote object is unexported regardless of the permissions of the caller. An attacker who has sufficient access to trigger a call to a remove() method in an EJB may be able to cause a denial of service for services that depend on that EJB.