Oracle WebLogic Node Manager Lets Remote Users Execute Commands
|
SecurityTracker Alert ID: 1023502 |
|
SecurityTracker URL: http://securitytracker.com/id/1023502
|
CVE Reference: CVE-2010-0073
|
Updated: Feb 7 2010
|
Original Entry Date: Jan 25 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Version(s): 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.0, 10.3.1, 10.3.2; and prior versions
|
Description:
A vulnerability was reported in WebLogic Node Manager. A remote user can execute commands on the target system.
A remote user with knowledge of the target WebLogic domain name can execute certain commands on the target system.
On Windows-based systems, the remote user can gain complete control of the target system.
On other platforms, the remote user can gain partial control of the target system.
On versions 7.0 and 8.1, the remote user can only cause denial of service conditions.
Evgeny Legerov of Intevydis reported this vulnerability.
The original advisory is available at:
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html
|
Impact:
A remote user can execute commands on the target system.
|
Solution:
The vendor has issued a patch, available at:
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1058764.1
The vendor's advisory is available at:
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
|
Vendor URL: www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html
|
Cause:
Access control error
|
Underlying OS:
Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 25 Jan 2010 15:11:26 +0000
Subject: Oracle BEA WebLogic
|
http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html