BEA WebLogic Custom Trust Manager Flaw May Let Remote Users Impersonate Target Users or Servers
SecurityTracker Alert ID: 1009765
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 13 2004
Impact: User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 8.1 through Service Pack 2; 7.0 through Service Pack 4
Description: A vulnerability was reported in WebLogic Server and WebLogic Express, affecting sites that use custom trust managers. A remote user may be able to impersonate a target user or server.
BEA reported that a validated and accepted certificate chain may be accepted even when the custom trust manager rejects the chain. As a result, a remote user may be able to use two-way SSL to impersonate a target user or, when outbound SSL is used, impersonate a target server.
If a WebLogic Server is validating a certificate chain, the vulnerability may occur either during an inbound 2-way SSL request (i.e., when the user's certificate is validated) or during an outbound SSL request (i.e., when the remote server's certificate chain is validated), the report said.
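The defect the advisory describes is a combination error: the custom trust manager's rejection is not applied once the built-in chain validation has accepted the chain. The Go program below is an added example using only the standard library (not WebLogic's or BEA's code); the newCert helper, the allow-list policy in customTrust and the flawed/fixed decision functions are constructed for the demonstration. It builds a throwaway CA and client certificate in memory and contrasts a decision path that drops the custom verdict with one that treats it as a veto.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// newCert builds a constructed in-memory certificate: a self-signed CA when parent is nil, else a client cert signed by that CA.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		IsCA: isCA, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// builtinVerify is the server's standard chain validation against its trusted roots (issuer, signature, validity).
func builtinVerify(leaf *x509.Certificate, roots *x509.CertPool) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}
// customTrust stands in for a site's custom trust manager; the hypothetical policy accepts only allow-listed identities.
func customTrust(leaf *x509.Certificate, allowed map[string]bool) bool {
	return allowed[leaf.Subject.CommonName]
}
// flawedAccept models the defect: the custom trust manager runs, but a chain that passed built-in validation is accepted anyway.
func flawedAccept(leaf *x509.Certificate, roots *x509.CertPool, allowed map[string]bool) bool {
	_ = customTrust(leaf, allowed) // verdict computed and then dropped
	return builtinVerify(leaf, roots)
}
// fixedAccept makes the custom trust manager a veto: the chain must pass both checks.
func fixedAccept(leaf *x509.Certificate, roots *x509.CertPool, allowed map[string]bool) bool {
	return builtinVerify(leaf, roots) && customTrust(leaf, allowed)
}
func main() {
	ca, caKey := newCert("Constructed Test CA", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	leaf, _ := newCert("not-on-allow-list", false, ca, caKey) // valid chain, identity the custom policy rejects
	allowed := map[string]bool{"alice": true}
	fmt.Println("flawed:", flawedAccept(leaf, roots, allowed), "fixed:", fixedAccept(leaf, roots, allowed))
}
```

Running it prints `flawed: true fixed: false`: the same correctly signed certificate is accepted by the flawed path and refused by the fixed one, which is the behaviour the patch restores.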
Impact: A remote user may be able to impersonate a target user or a target server.
Solution: For WebLogic Server and WebLogic Express version 8.1, the vendor recommends that you upgrade to SP2 or SP3 and install the following patch:
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
For WebLogic Server and WebLogic Express version 7.0, the vendor recommends that you upgrade to SP5.
Vendor URL: dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
Cause: Access control error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)
Message History:
None.
Source Message Contents
Date: Tue, 13 Apr 2004 18:03:33 -0400
Subject: http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
> Security Advisory:(BEA04-54.00)
> From: BEA Systems Inc.
> Minor Subject: Patches available to prevent user impersonation.
> Product(s) Affected: WebLogic Server and WebLogic Express
A vulnerability was reported in WebLogic Server and WebLogic Express affecting sites that
use custom trust managers.
If a WebLogic Server is validating a certificate chain, the vulnerability may occur either
during an inbound 2-way SSL request (i.e., when the user's certificate is validated) or
during an outbound SSL request (i.e., when the remote server's certificate chain is
validated), the report said.
It is reported that a validated and accepted certificate chain may be accepted even when
the custom trust manager rejects the chain. As a result, a remote user may be able to use
two-way SSL to impersonate a target user or, when outbound SSL is used, impersonate a
target server.
The following versions are affected:
8.1 Service Pack 2 and prior
7.0 released Service Pack 4 and prior.
For WebLogic Server and WebLogic Express version 8.1, the vendor recommends that you
upgrade to SP2 or SP3 and install the following patch:
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
For WebLogic Server and WebLogic Express version 7.0, the vendor recommends that you
upgrade to SP5.
> Threat level: Medium - A remote attacker, when 2-way SSL is used with a custom trust
> manager, might be able to exploit this vulnerability.
> Severity: High - A successful attacker could impersonate a system administrator or a
> remote server.