BEA Tuxedo Domain Gateway Remote Domain ACL Bypass

2001-04-21T22:24:05
ID OSVDB:18593
Type osvdb
Reporter OSVDB
Modified 2001-04-21T22:24:05

Description

Vulnerability Description

Tuxedo contains a flaw that may allow a malicious user to gain access to unauthorized services. The issue is triggered when specified authorization checks for remote services are ignored in outgoing requests and not performed by Tuxedo Domain gateways. This flaw may lead to a loss of confidentiality.

Solution Description

Upgrade to patch level 21 or later, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.bea.com
Vendor Specific Advisory URL
ISS X-Force ID: 6326
CVE-2001-1477