CVE-2004-2696 - Commonsensical Contracts
Description
BEA WebLogic Server and WebLogic Express 6.1 7.0 and 8.1 when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP) does not properly handle when multiple logins for different users coming from the same client which could cause an \unexpected user identity\ to be used in an RMI call.
Reference
http://dev2dev.bea.com/pub/advisory/59 http://www.securityfocus.com/bid/10545 http://www.osvdb.org/7081 http://securitytracker.com/id?1010493 http://secunia.com/advisories/11865 https://exchange.xforce.ibmcloud.com/vulnerabilities/16421