Description
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22082
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23786
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/32862
Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017523
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/224
Scores
EPSS
0.0061
EPSS Percentile
69.9%
Details
Status
published
Products (3)
bea/aqualogic_service_bus
2.0
bea/aqualogic_service_bus
2.1
bea/aqualogic_service_bus
2.5
Published
Jan 23, 2007
Tracked Since
Feb 18, 2026