CVE-2008-0864 Information

Description

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label which might allow remote attackers to bypass intended access restrictions.

Reference

http://dev2dev.bea.com/pub/advisory/256 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019454 http://www.vupen.com/english/advisories/2008/0613