Vulnerabilities have been reported in BEA WebLogic products. The vulnerabilities could allow attackers to inject script, disclose inform
The issue occurs during the processing of requests within the “HttpClusterServlet” and “HttpProxyServlet” servlets. If the system is configured with the “SecureProxy” setting, then it may be potentially be exploited to gain access to certain administrative resources that are only accessible to an administrator.
Products affected are WebLogic Express, Portal and Server versions 6.x through 10.x, and WebLogic Workshop 8.x through 10.x. BEA has updates for all affected products.