BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability

info
discussion
exploit
solution
references

BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability

BEA Systems has reported a vulnerability affecting WebLogic Server and WebLogic Express. A flaw exists that can cause for a client to assume the identity of another user on the system.