CVE-2005-4756 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP5 and earlier do not properly validate derived Principals with multiple PrincipalValidators which might allow attackers to gain privileges.

Reference

http://dev2dev.bea.com/pub/advisory/146 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052