BEA WebLogic Multiple Vulnerabilities and Security Issues
Secunia Advisory: SA23750
Release Date: 2007-01-17
Last Update: 2007-09-03

Critical: Moderately critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch

Software:
* BEA JRockit 1.x
* BEA WebLogic Express 6.x
* BEA WebLogic Express 7.x
* BEA WebLogic Express 8.x
* BEA WebLogic Express 9.x
* BEA WebLogic Portal 9.x
* BEA WebLogic Server 6.x
* BEA WebLogic Server 7.x
* BEA WebLogic Server 8.x
* BEA WebLogic Server 9.x


Description:
Multiple vulnerabilities and security issues have been reported in BEA WebLogic, which can be exploited by malicious people or malicious users to gain knowledge of sensitive information, bypass certain security restrictions, conduct spoofing attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.

1) An error in the SSL library can be exploited to determine the plaintext block.

The vulnerability affects the following versions:
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
* WebLogic Server 7.0 released through Service Pack 7, on all platforms
* WebLogic Server 6.1 released through Service Pack 7, on all platforms

2) The server does not properly validate client certificates when reusing connections from the cache. This can be exploited to gain access to the web server via an X.509 certificate.

Successful exploitation requires that the application allows access to multiple users via a single client process.

The vulnerability affects the following versions:
* WebLogic Server 8.1 released through Service Pack 4, on all platforms

3) Passwords stored in the JDBCDataSourceFactory MBean Properties attribute are not encrypted. This can be exploited by malicious users to view the passwords.

The security issue affects the following versions:
* WebLogic Server 9.0 initial release
* WebLogic Server 8.1, released through Service Pack 4
* WebLogic Server 7.0, released through Service Pack 6

4) An error in thread management can be exploited to cause the server to hang via a series of specially crafted requests.

The vulnerability affects the following versions:
* WebLogic Server 9.1, on all platforms
* WebLogic Server 9.0, on all platforms
* WebLogic Server 8.1 through Service Pack 5, on all platforms
* WebLogic Server 7.0 through Service Pack 6, on all platforms

5) An error in WebLogic clients using WS-Security can be exploited via man-in-the-middle attacks.

The security issue affects the following versions:
* WebLogic Server 9.2 with no maintenance packs, on all platforms
* WebLogic Server 9.1 on all platforms
* WebLogic Server 9.0 on all platforms
* WebLogic Server 8.1 released through Service Pack 5, on all platforms

6) Deployed .ear or exploded .ear files that use the manifest class-path property to point to utility jar files can be exploited by a malicious person to view files inside the class-path property.

The vulnerability affects the following versions:
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
* WebLogic Server 7.0 released through Service Pack 7, on all platforms
* WebLogic Server 6.1 released through Service Pack 7, on all platforms

7) The server does not properly protect sensitive values when an administrator edits the config.xml file offline using clear text values. During a restart, WebLogic Server saves a backup of the file including the clear text values.

The security issue affects the following versions:
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
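
A defender's check for issue 7, added here as an example and not part of the Secunia advisory or BEA's tooling: it scans config.xml and its sibling copies in a domain directory for secret-bearing attributes stored without an encryption prefix. The "{3DES}" prefix, the attribute-name pattern, the backup file name and the sample XML are assumptions or constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption: encrypted values carry a "{3DES}" prefix in the config file.
ENCRYPTED_PREFIXES = ("{3DES}",)
# Assumption: secret-bearing attributes have "password" or "credential" in the name.
SECRET_ATTR = re.compile(r"password|credential", re.IGNORECASE)


def find_cleartext_secrets(xml_data):
    """Return (element, Name, attribute) per unencrypted secret; never the value."""
    findings = []
    for elem in ET.fromstring(xml_data).iter():
        for attr, value in elem.attrib.items():
            if not SECRET_ATTR.search(attr) or not value:
                continue
            if not value.startswith(ENCRYPTED_PREFIXES):
                findings.append((elem.tag, elem.get("Name", ""), attr))
    return findings


def scan_domain(domain_dir):
    """Check config.xml and every sibling copy (config.xml*) in a domain directory."""
    report = {}
    for path in sorted(Path(domain_dir).glob("config.xml*")):
        try:
            hits = find_cleartext_secrets(path.read_bytes())
        except ET.ParseError:
            hits = [("<unparseable>", "", "")]  # flag the file for manual review
        if hits:
            report[path.name] = hits
    return report


# Constructed samples: element and attribute names are illustrative only.
LIVE = '<Domain Name="demo"><JDBCConnectionPool Name="appPool" Password="{3DES}Zm9vYmFy"/></Domain>'
BACKUP = '<Domain Name="demo"><JDBCConnectionPool Name="appPool" Password="constructed-secret"/></Domain>'


def demo():
    # The live file is clean; the backup copy (hypothetical name) still holds clear text.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "config.xml").write_text(LIVE, encoding="utf-8")
        Path(d, "config.xml.booted").write_text(BACKUP, encoding="utf-8")
        return scan_domain(d)


if __name__ == "__main__":
    print(demo())
```

Any file this reports should be removed or re-protected, and the exposed credential rotated.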

8) An error in the handling of threads when processing error pages defined in web.xml can be exploited to cause the server to become unresponsive.

The vulnerability affects the following versions:
* WebLogic Server 9.0 on all platforms
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
* WebLogic Server 7.0 released through Service Pack 6, on all platforms
* WebLogic Server 6.1 released through Service Pack 7, on all platforms

9) An error in enforcing access controls when an application is dynamically updated and redeployed can be exploited to gain unauthorized access to certain resources.

The security issue affects the following versions:
* WebLogic Server 8.1 released through Service Pack 5, on all platforms

10) An error in the way WSSE runtime enforces decryption certificates can be exploited to bypass certain security restrictions.

The vulnerability affects the following versions:
* WebLogic Server 9.1 on all platforms
* WebLogic Server 9.0 on all platforms

11) Some EJB calls can be executed with administrative privileges and can be exploited via malicious EJBs installed in the server.

Successful exploitation requires that the WebLogic Server 6.1 compatibility realm is used.

The security issue affects the following versions:
* WebLogic Server 9.1 on all platforms
* WebLogic Server 9.0 on all platforms
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
* WebLogic Server 7.0 released through Service Pack 7, on all platforms

12) Certain security policies added via the console by the administrator do not properly protect EJB resources. This may be exploited by malicious people to access certain restricted resources.

The security issue affects the following versions:
* WebLogic Server 9.1 on all platforms
* WebLogic Server 9.0 on all platforms
* WebLogic Server 8.1 released through Service Pack 5, on all platforms
* WebLogic Server 7.0 released through Service Pack 6, on all platforms

13) An error in the WebLogic Server proxy plug-in for Apache server can be exploited to cause the server to become unresponsive via a specially crafted request.

The vulnerability is reported in Apache plug-ins dated prior to June 2006.

14) An error in the handling of specially crafted HTTP requests can be exploited to disclose information from previous HTTP requests.

The vulnerability is reported in the following versions:
* WebLogic Server 9.2 with no maintenance packs, on all platforms
* WebLogic Server 9.1 on all platforms
* WebLogic Server 9.0 on all platforms

15) An error in the handling of requests containing specially crafted headers can be exploited to consume a large amount of disk space in the server log.

The vulnerability is reported in the following versions:
* WebLogic Server 7.0 released through Service Pack 7, on all platforms
* WebLogic Server 6.1 released through Service Pack 7, on all platforms

16) An error in the handling of certain socket connections can be exploited to cause the server to become unresponsive to other requests.

The vulnerability is reported in the following versions:
* WebLogic Server 9.2 with no maintenance packs, on Solaris 9
* WebLogic Server 9.1 on Solaris 9
* WebLogic Server 9.0 on Solaris 9

17) Deleting entitlements for a specific role also affects other role entitlements. This can be exploited by malicious users to gain unauthorized access to certain resources.

The security issue is reported in the following versions:
* WebLogic Portal 9.2 on all platforms.

18) An error in the WebLogic Server proxy plug-in for Netscape Enterprise Server can be exploited to cause the server to stop responding to other requests or to consume a large amount of CPU resources.

The vulnerability is reported in plug-ins dated prior to September, 2006.

19) An error in BEA JRockit can be exploited to cause a buffer overflow via a specially crafted packet.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following versions:
* WebLogic Platform 8.1 released through Service Pack 5 on Linux and Windows.
* WebLogic Server 8.1 released through Service Pack 5 on Linux and Windows.
* BEA JRockit 1.4.2 R4.5 and previous versions on Linux and Windows.

20) Policy changes are not properly migrated to other servers if the Administrative Server is down when making the changes. Malicious users may be able to gain unauthorized access to certain resources.

The security issue is reported in the following versions:
* WebLogic Portal 9.2 on all platforms.
