BEA WebLogic Web Application Authentication Bypass Vulnerability

BEA WebLogic has been reported vulnerable to an authentication bypass under certain circumstances.

When a BEA WebLogic web application component that implements session persistence is redistributed without a server reboot, an authenticated user session can, in some cases, be reused by any user for a variable period of time without requiring valid credentials.

This vulnerability may be exploited to gain access to the WebLogic server without prior authentication.


 

Copyright 2010, SecurityFocus