|
 |
|
BEA WebLogic Portal Information Disclosure and Security Bypass
|
|
|
|
|
Secunia Advisory:
|
SA18593
|
|
|
Release Date:
|
2006-01-24
|
|
Last Update:
|
2006-01-30
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | BEA WebLogic Portal 8.x
|
| | CVE reference: | CVE-2006-0423 (Secunia mirror)
CVE-2006-0425 (Secunia mirror)
CVE-2006-0428 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Two security issues and a vulnerability have been reported in WebLogic Portal, which potentially can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
1) Database passwords are stored in clear-text in the "config.xml" file and may expose the database password for the RDBMS Authentication provider to malicious users.
Successful exploitation requires that the site has configured the RDBMS Authentication provider.
The security issue affects the following versions:
* WebLogic Portal 8.1 through Service Pack 3 (all platforms)
2) The file source of an application's deployment descriptor is not properly protected and can be disclosed via the web interface.
The security issue affects the following versions:
* WebLogic Portal 8.1 through Service Pack 4 (all platforms)
3) An input validation error in WSRP (Web Services Remote Portlets) may be exploited to access certain web resources not intended to be accessed by requesting specially crafted URLs.
Successful exploitation requires that the site uses WSRP.
The vulnerability affects the following versions:
* WebLogic Portal 8.1 Service Pack 3, Service Pack 4, and Service Pack 5
Solution:
Update to WebLogic Portal 8.1 Service Pack 5 and apply patch:
ftp://ftpna.beasys.com/pub/releases/security/patch_CR229017_81SP5.zip
Provided and/or discovered by:
1-2) Reported by vendor.
3) The vendor credits EPAM Systems.
Changelog:
2006-01-30: Added CVE references.
Original Advisory:
1) http://dev2dev.bea.com/pub/advisory/167
2) http://dev2dev.bea.com/pub/advisory/169
3) http://dev2dev.bea.com/pub/advisory/172
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
4 Related Secunia Security Advisories
|
|
|
1. BEA WebLogic Products Multiple Vulnerabilities
|
|
2. BEA WebLogic Portal JSR-168 Portlets Rendering Security Issue
|
|
3. BEA WebLogic Portal User-Entitlement Security Bypass
|
|
4. BEA WebLogic Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
