Some vulnerabilities have been reported in BEA WebLogic Server, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or cause a DoS (Denial of Service).

1) An unspecified error can be exploited to disclose potentially sensitive information.

2) An unspecified error can be exploited to cause a DoS.

3) Another unspecified error can be exploited to cause a DoS.

4) An unspecified error can be exploited to manipulate certain data.

The vulnerabilities are reported in the following products and versions:
* Oracle WebLogic Server 10.0 through MP2, 10.3.0 and 10.3.1
* Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3
* Oracle WebLogic Server 8.1 through 8.1 SP6
* Oracle WebLogic Server 7.0 through 7.0 SP7

Solution
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by
For the vulnerabilities fixed in the January Critical Patch Update, the vendor credits:
* Esteban Martinez Fayo, Application Security, Inc.
* Alexander Kornbrust, Red Database Security
* David Litchfield, NGS Software
* Brian Martin, INS.com
* Guy Pilosof, Sentrigo
* JPCERT/CC Vulnerability Handling Team
* Daiki Fukumori [Secure Sky Technology], JPCERT/CC Vulnerability Handling Team
* Dennis Yurichev

Original Advisory
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

Deep Links
Links available to Secunia VIM customers