Secunia Advisory SA11594BEA WebLogic Admins and Operators May be Able to Stop the Service
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Description
BEA has issued updates for WebLogic Server and WebLogic Express. These fix a weakness allowing certain administrative users to stop the service. The problem is that the start and stop policies for Admin and Operator security roles aren't properly enforced. This allows administrative users to stop or start the service even if they do not have the privileges. This affects WebLogic Server and WebLogic Express version 7.0 Service Pack 5 and prior, and version 8.1 Service Pack 2 and prior. Solution Provided and/or discovered by Deep Links Do you have additional information related to this advisory?Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
204 views | ![]() |
| Limny Multiple Vulnerabilities | |
295 views | ![]() |
| Ubuntu update for thunderbird | |
219 views | ![]() |
| Debian update for php5 | |