CVE-2007-0432 Information

Description

BEA AquaLogic Service Bus 2.0 2.1 and 2.5 does not properly reject malformed request messages to a proxy service which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.

Reference

http://dev2dev.bea.com/pub/advisory/224 http://osvdb.org/32862 http://secunia.com/advisories/23786 http://securitytracker.com/id?1017523 http://www.securityfocus.com/bid/22082