BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources

SecurityTracker Alert ID: 1015528
SecurityTracker URL: http://securitytracker.com/id?1015528
CVE Reference: GENERIC-MAP-NOMATCH
Updated: Feb 21 2008
Original Entry Date: Jan 24 2006
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Host/resource access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: BEA Security Advisory
Version(s): 6.1, 7.0, 8.1, and 9.0

Description: Multiple vulnerabilities were reported in WebLogic. A remote user can view information, access resources, and cause denial of service conditions. A local user can view passwords or configuration information.

BEA Systems issued 14 separate advisories detailing vulnerabilities in various versions of WebLogic Server, WebLogic Express and WebLogic Portal. The highest severity level assigned by the vendor is "high."

A remote user may be able to bind anonymously to the embedded LDAP server [BEA06-81.02]. An anonymous bind can enumerate user entries but cannot read their attributes. A remote user can also open many connections to the LDAP server to cause denial of service conditions.
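
The anonymous-bind condition above can be checked directly with a minimal LDAPv3 client. The following is an added example, not part of the SecurityTracker alert or of BEA's advisory: it hand-encodes the BER for an anonymous BindRequest (empty DN, empty simple password), decodes the resultCode from the BindResponse, and assumes the embedded LDAP server answers on the WebLogic listen port (7001 by default). The host name is a hypothetical placeholder.

```python
# Added example (not BEA's code): probe whether a WebLogic embedded LDAP server
# accepts an anonymous LDAPv3 bind, the condition described in BEA06-81.02.
# Assumption: the embedded LDAP is reachable on the server's listen port
# (7001 by default); HOST and PORT below are hypothetical placeholders.
import socket
import sys

HOST = "weblogic.example.internal"  # hypothetical
PORT = 7001                          # assumed WebLogic listen port


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """BER INTEGER for a non-negative value (leading zero added if the high bit is set)."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return tlv(0x02, body)


def anonymous_bind_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }.

    An empty DN together with an empty simple password is the RFC 4511 anonymous bind.
    """
    bind_request = tlv(0x60, ber_int(3) + tlv(0x04, b"") + tlv(0x80, b""))  # [APPLICATION 0]
    return tlv(0x30, ber_int(msg_id) + bind_request)


def read_tlv(buf: bytes, off: int = 0):
    """Decode one BER element at buf[off]; returns (tag, value, offset_after)."""
    tag = buf[off]
    length = buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: next N octets hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def parse_bind_result(data: bytes) -> int:
    """resultCode of a BindResponse (0 = success, 49 = invalidCredentials,
    53 = unwillingToPerform), or -1 if the message is not a BindResponse."""
    tag, message, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msg_id, off = read_tlv(message)           # skip messageID
    op_tag, op, _ = read_tlv(message, off)
    if op_tag != 0x61:                            # [APPLICATION 1] BindResponse
        return -1
    code_tag, code, _ = read_tlv(op)
    if code_tag != 0x0A:                          # ENUMERATED resultCode
        raise ValueError("malformed BindResponse")
    return int.from_bytes(code, "big")


def probe_anonymous_bind(host: str = HOST, port: int = PORT, timeout: float = 5.0) -> int:
    """Send the anonymous bind and return the server's resultCode."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(anonymous_bind_request())
        return parse_bind_result(sock.recv(4096))


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else HOST
    port = int(sys.argv[2]) if len(sys.argv) > 2 else PORT
    code = probe_anonymous_bind(host, port)
    print("anonymous bind ACCEPTED (see BEA06-81.02)" if code == 0
          else f"anonymous bind rejected, resultCode={code}")
```

A resultCode of 0 means the server accepted the anonymous bind. A server that refuses anonymous binds answers with a non-zero code (for example 48 inappropriateAuthentication or 49 invalidCredentials); run the probe again after applying the BEA06-81.02 fix to confirm the change.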
A remote user can send requests to a servlet that performs relative forwarding to trigger looping stack overflow errors that degrade the server's performance [BEA06-106.01]. Denial of service conditions may result.

When multiple domains are managed via the same instance of the WebLogic Administration Console, an authenticated System Administrator of any one of the domains can access the other domains [BEA06-108.00]. Versions 6.1 and 7.0 are affected.

A remote Java client can exploit MBean vulnerabilities to access protected MBean attributes or cause denial of service conditions on the target server [BEA06-109.00]. Systems that permit RMI access are affected.

The system stores the database password for the WebLogic Portal RDBMS Authentication provider in cleartext in the 'config.xml' file [BEA08-110.01, which supersedes BEA06-110.00]. A local user may be able to view the password. WebLogic Portal 8.1 through Service Pack 3 is affected.
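
As an added example (not BEA's code and not part of the alert), the check below scans a config.xml for password or credential values that are not in WebLogic's encrypted form. WebLogic writes encrypted attribute values with a {3DES} prefix in the releases this alert covers ({AES} in later releases), so a password-named attribute or element without such a prefix is stored in cleartext, which is the condition BEA08-110.01 describes. It goes slightly beyond the advisory by handling both the 8.1-style attribute layout and the 9.x-style element layout of config.xml. The sample documents, the RDBMSAuthenticator element and attribute names, and the namespace URI are constructed for illustration.

```python
# Added example (not BEA's code): flag password-like values in a WebLogic
# config.xml that are not stored in WebLogic's encrypted form. Encrypted
# values carry a {3DES} prefix (8.1/9.x) or {AES} prefix (later releases);
# a password attribute or element without that prefix is cleartext, the
# condition BEA08-110.01 describes for the Portal RDBMS Authentication provider.
# The sample documents, the RDBMSAuthenticator element/attribute names and the
# namespace URI are constructed for illustration, not copied from a real domain.
import re
import xml.etree.ElementTree as ET

ENCRYPTED_PREFIXES = ("{3DES}", "{AES}")
SECRET_NAME = re.compile(r"password|credential", re.IGNORECASE)


def _local(tag: str) -> str:
    """Strip an XML namespace ({uri}name -> name) so 9.x-style configs match too."""
    return tag.rsplit("}", 1)[-1]


def is_cleartext(value: str) -> bool:
    """True for a non-empty value that lacks a WebLogic encryption prefix."""
    value = value.strip()
    return bool(value) and not value.startswith(ENCRYPTED_PREFIXES)


def find_cleartext_secrets(xml_text: str) -> list:
    """Return [(location, value)] for every password/credential attribute or
    element whose value is not in encrypted form."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = _local(elem.tag)
        # 8.1-style: secrets are attributes, e.g. PasswordEncrypted="{3DES}..."
        for name, value in elem.attrib.items():
            if SECRET_NAME.search(name) and is_cleartext(value):
                findings.append((f"{tag}/@{name}", value.strip()))
        # 9.x-style: secrets are elements, e.g. <credential-encrypted>{AES}...</credential-encrypted>
        if SECRET_NAME.search(tag) and elem.text and is_cleartext(elem.text):
            findings.append((tag, elem.text.strip()))
    return findings


# Constructed 8.1-style domain (illustrative element names, not a real config)
SAMPLE_81 = """<Domain Name="portalDomain">
  <Security Name="portalDomain" Realm="myrealm"/>
  <Realm Name="myrealm">
    <RDBMSAuthenticator Name="PortalRDBMSAuthenticator"
        DatabaseUserName="portal" DatabasePassword="s3cretDbPass"/>
    <DefaultAuthenticator Name="DefaultAuthenticator"
        CredentialEncrypted="{3DES}q0J8o2l1eGk="/>
  </Realm>
  <JDBCConnectionPool Name="cgPool" PasswordEncrypted="{3DES}ZmFrZQ=="/>
</Domain>"""

# Constructed 9.x-style fragment with a namespace (illustrative namespace URI)
SAMPLE_90 = """<domain xmlns="http://example.invalid/ns/weblogic/900/domain">
  <security-configuration>
    <credential-encrypted>{AES}YWxzb2Zha2U=</credential-encrypted>
    <node-manager-password>plainNodeMgrPw</node-manager-password>
  </security-configuration>
</domain>"""


def main() -> None:
    for label, doc in (("8.1-style", SAMPLE_81), ("9.x-style", SAMPLE_90)):
        for location, value in find_cleartext_secrets(doc):
            print(f"{label}: cleartext secret at {location}: {value!r}")


if __name__ == "__main__":
    main()
```

Run it against a real domain with `find_cleartext_secrets(open("config.xml").read())`; every finding is a value that any local user with read access to the file can recover without the domain's encryption key.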
A remote authenticated user may be able to view the server log to obtain configuration information [BEA06-111.00].

The system incorrectly serves the source of deployment descriptor files to the browser [BEA06-112.00]. A remote user can view an application's deployment descriptor source. WebLogic Portal 8.1 through Service Pack 4 is affected.

If configuration auditing is enabled, the WebLogic Auditing provider writes password changes in cleartext to the 'DefaultAuditRecorder.log' file [BEA06-113.00]. Other audit providers may likewise write the passwords to their audit stores. WebLogic Server 8.1 through Service Pack 4 is affected.

Application code (e.g., EJBs, servlets) running on the server may be able to decrypt passwords [BEA06-114.01]. WebLogic 8.1 and 9.0 are affected.

A remote user can supply a specially crafted URL to gain unauthorized access to web resources, even when the resources are located behind a firewall [BEA06-115.00]. Sites using Web Services for Remote Portlets (WSRP) on WebLogic Portal are affected.

After a new security provider is configured but before the server is rebooted, the system does not indicate that the server is still using the security providers from the last reboot [BEA06-116.00]. As a result, an administrator may believe that the new security provider is active when it is not. Only version 9.0 is affected.

In certain situations, the server may suffer a decrease in performance if connection filters are configured and enabled [BEA06-117.00]. Only version 9.0 is affected.

An application hosted on the target server can determine the server's SSL identity [BEA06-118.00]. Only version 8.1 Service Pack 5 is affected.

If an Administrator uses the WebLogic Administration Console to add security policies to JNDI resources, the resulting security policies may not properly protect the JNDI resources [BEA06-119.00]. A remote user may be able to access those resources without authorization in certain circumstances. Only version 9.0 is affected.

Impact: A remote user can view potentially sensitive information.
A remote user can access restricted resources.
A remote user can cause denial of service conditions.
A local user can view passwords or configuration information.

Solution: The vendor has issued several patches, each described in a separate advisory. The vendor advisories are available at:
http://dev2dev.bea.com/pub/advisory/164
http://dev2dev.bea.com/pub/advisory/165
http://dev2dev.bea.com/pub/advisory/166
http://dev2dev.bea.com/pub/advisory/262
http://dev2dev.bea.com/pub/advisory/168
http://dev2dev.bea.com/pub/advisory/169
http://dev2dev.bea.com/pub/advisory/170
http://dev2dev.bea.com/pub/advisory/172
http://dev2dev.bea.com/pub/advisory/173
http://dev2dev.bea.com/pub/advisory/174
http://dev2dev.bea.com/pub/advisory/175
http://dev2dev.bea.com/pub/advisory/176

On February 19, 2008, the vendor issued a revision (BEA08-110.01), which supersedes advisory BEA06-110.00 and provides a revised fix for WebLogic Portal 7.0.

Advisory BEA06-106.01 supersedes advisory BEA05-106.00.

On May 15, 2006, the vendor issued a revision (BEA06-81.02), which supersedes BEA06-81.01 and BEA05-81.00:
http://dev2dev.bea.com/pub/advisory/196

On May 15, 2006, the vendor issued an updated advisory (BEA06-114.01) to clarify that version 8.1 Service Pack 5 includes the fix. BEA06-114.01 supersedes BEA06-114.00:
http://dev2dev.bea.com/pub/advisory/184

Vendor URL: dev2dev.bea.com/advisoriesnotifications/
Cause: Access control error, Input validation error, State error
Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:
None.

Source Message Contents

Date: Mon, 23 Jan 2006 15:30:57 -0500
Subject: BEA Systems WebLogic vulnerabilities

> Security Advisory (BEA06-81.01, BEA06-106.01, BEA06-108.00, BEA06-109.00,
> BEA06-110.00, BEA06-111.00, BEA06-112.00, BEA06-113.00, BEA06-114.00, BEA06-115.00,
> BEA06-116.00, BEA06-117.00, BEA06-118.00, BEA06-119.00)