Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
http://www.vupen.com/english/advisories/2008/0612/references
http://www.securitytracker.com/id?1019444