{"vuid":"VU#691153","idnumber":"691153","name":"BEA WebLogic Server fails to discard cached authentication information when web applications are updated","keywords":["BEA","WebLogic Server","memory resident session","re-authenticate","dynamic redeployment"],"overview":"The BEA WebLogic server contains a vulnerability that may allow authenticated users to bypass authentication for a given web application when the application has been updated.","clean_desc":"The BEA WebLogic Server provides a feature that allows it to store user authentication information for future sessions. This product contains a vulnerability that prevents this stored information from being erased when a given web application is updated using \"dynamic redeployment\". As a result, users who authenticate prior to an update of a web application may be able to bypass authentication when accessing the web application after an update. This vulnerability is particularly significant when the update to a given web application affects its authentication mechanism. The following scenario provides a possible example of the effects of this vulnerability: \"User A\" successfully authenticates to \"Web Application Z\"\n\"Web Application Z\" stores the authentication credentials for future sessions\n\"Web Application Z\" is updated with a new authentication policy that should prevent \"User A\" from gaining access\n\"User A\" attempts to connect to \"Web Application Z\"\n\"Web Application Z\" grants access to \"User A\" based upon the previously stored credentials","impact":"This vulnerability may allow remote users to bypass the authentication mechanism of a given web application.","resolution":"Apply a patch BEA Systems Inc. has published Security Advisory BEA03-27.00 to address this vulnerability. For more information, please see http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp","workarounds":"","sysaffected":"","thanks":"The CERT/CC thanks \nBEA Systems, Inc. for reporting this vulnerability.","author":"This document was written by Jeffrey P. Lanza.","public":["http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp","http://www.securityfocus.com/bid/7130"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-03-24T19:18:39Z","publicdate":"2003-03-18T00:00:00Z","datefirstpublished":"2003-03-26T22:27:13Z","dateupdated":"2003-03-26T22:27:18Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"0","cam_population":"5","cam_impact":"4","cam_easeofexploitation":"4","cam_attackeraccessrequired":"5","cam_scorecurrent":"0.1875","cam_scorecurrentwidelyknown":"0.225","cam_scorecurrentwidelyknownexploited":"0.3","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.1875,"vulnote":null}