000020335 - Is ClearTrust affected by BEA WebLogic security vulnerability BEA03-27.00?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000020335
Applies To: RSA ClearTrust 5.0.x
Issue: Is ClearTrust affected by BEA WebLogic security vulnerability BEA03-27.00?
Cause: BEA describes this vulnerability as follows: This vulnerability can occur when an application that contains a Web application component using "memory" session persistence is redeployed without rebooting the server. When this occurs, users who have logged into the Web application prior to its redeployment can sometimes access the Web application without needing to authenticate again - even if they are accessing the Web application long after their last access. Only systems that use Web applications, "memory" session persistence, and dynamic redeployment (e.g. those that redeploy without a reboot) are vulnerable to this problem.
Resolution: Although there is little to no risk of this vulnerability affecting ClearTrust's integration with the BEA WebLogic product, RSA strongly recommends that customers using BEA WebLogic visit BEA's advisory web site to download the latest service pack and/or patch releases to ensure that such vulnerabilities are addressed accordingly.
Legacy Article ID: a16045
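
To check whether a deployed Web application meets the conditions BEA lists under Cause, the following added example (not RSA or BEA code) reads a weblogic.xml descriptor and reports its session persistence type. The sample descriptors are constructed, the function names are hypothetical, and treating a missing setting as "memory" is an assumption based on WebLogic's default.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not taken from any real deployment).
SAMPLE_MEMORY = """<weblogic-web-app>
  <session-descriptor>
    <session-param>
      <param-name>PersistentStoreType</param-name>
      <param-value>memory</param-value>
    </session-param>
  </session-descriptor>
</weblogic-web-app>"""

SAMPLE_JDBC = SAMPLE_MEMORY.replace("memory", "jdbc")
SAMPLE_DEFAULT = "<weblogic-web-app></weblogic-web-app>"


def local(tag):
    """Strip an XML namespace so old and new descriptors parse alike."""
    return tag.rsplit("}", 1)[-1]


def session_store_type(weblogic_xml):
    """Return the configured session persistence type, lower-cased.

    Assumption: when the descriptor sets nothing, WebLogic keeps sessions
    in memory, so a missing setting is reported as "memory".
    """
    root = ET.fromstring(weblogic_xml)
    for elem in root.iter():
        name = local(elem.tag)
        # Newer schema: <persistent-store-type>memory</persistent-store-type>
        if name == "persistent-store-type" and elem.text:
            return elem.text.strip().lower()
        # Older schema: <session-param> name/value pairs
        if name == "session-param":
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            if fields.get("param-name", "").lower() == "persistentstoretype":
                return fields.get("param-value", "").lower() or "memory"
    return "memory"


def meets_advisory_conditions(weblogic_xml, redeployed_without_restart):
    """True when both conditions from the BEA description hold."""
    return session_store_type(weblogic_xml) == "memory" and redeployed_without_restart
```

Whether an application has been redeployed without a server restart is operational history that the descriptor cannot show, so it is passed in as a flag.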