Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources
SecurityTracker Alert ID:  1015528
SecurityTracker URL:  http://securitytracker.com/id/1015528
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Feb 21 2008
Original Entry Date:  Jan 24 2006
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.1, 7.0, 8.1, and 9.0
Description:   Multiple vulnerabilities were reported in WebLogic. A remote user can view information, access resources, and cause denial of service conditions. A local user can view passwords or configuration information.

BEA Systems issued 14 separate advisories detailing vulnerabilities in various versions of WebLogic Server, WebLogic Express and WebLogic Portal. The highest severity level assigned by the vendor is "high."

A remote user may be able to bind anonymously to an embedded LDAP server [BEA06-81.02]. The remote user can view user entries but cannot view attributes. The remote user can also create multiple connections to the LDAP server to cause denial of service conditions.

A remote user can submit requests for a servlet that is performing relative forwarding to cause looping stack overflow errors that will slow the server's performance [BEA06-106.01]. Denial of service conditions may result.

When multiple domains are managed via the same instance of the WebLogic Administration Console, an authenticated System Administrator of any of the domains can access the other domains [BEA06-108.00]. Versions 6.1 and 7.0 are affected.

A remote Java client can exploit MBean vulnerabilities to access protected MBean attributes or cause denial of service conditions on the target server [BEA06-109.00]. Systems that permit RMI access are affected.

The system stores the database password for the WebLogic Portal RDBMS Authentication provider in cleartext in the 'config.xml' file [BEA08-110.01, which supersedes BEA06-110.00]. A local user may be able to view the password. WebLogic Portal 8.1 through Service Pack 3 is affected.

A remote authenticated user may be able to view the server log to obtain configuration information [BEA06-111.00].

The system incorrectly serves the source of deployment descriptor files to the browser [BEA06-112.00]. A remote user can view an application's deployment descriptor source. WebLogic Portal 8.1 through Service Pack 4 is affected.

If configuration auditing is enabled, the WebLogic Auditing provider will write password changes in clear text to the 'DefaultAuditRecorder.log' file [BEA06-113.00]. Other audit providers may be able to write the passwords to their audit stores. WebLogic Server 8.1 through Service Pack 4 is affected.

Application code (e.g., EJBs, servlets) on the server may be able to decrypt passwords [BEA06-114.01]. WebLogic 8.1 and 9.0 are affected.

A remote user can supply a specially crafted URL to gain unauthorized access to web resources, even when the resources are located behind a firewall [BEA06-115.00]. Sites using Web Services Remote Portlets (WSRP) are affected. WebLogic Portal is affected.

After a new security provider is configured but before the server is rebooted, the system does not indicate that the server is still using the security providers from the last reboot [BEA06-116.00]. As a result, an administrator may believe that the new security provider is active. Only version 9.0 is affected.

In certain situations, the server may experience a decrease in performance if connection filters are configured and enabled [BEA06-117.00]. Only version 9.0 is affected.

An application hosted on the target server can determine the server's SSL identity [BEA06-118.00]. Only version 8.1 Service Pack 5 is affected.

If an Administrator uses the WebLogic Administration Console to add security policies to JNDI resources, the resulting security policies may not properly protect the JNDI resources [BEA06-119.00]. A remote user may be able to access resources without authorization in certain circumstances. Only version 9.0 is affected.

Impact:   A remote user can view potentially sensitive information.

A remote user can access restricted resources.

A remote user can cause denial of service conditions.

A local user can view passwords or configuration information.

Solution:   The vendor has issued several patches, each described in a separate advisory. The vendor advisories are available at:

http://dev2dev.bea.com/pub/advisory/164
http://dev2dev.bea.com/pub/advisory/165
http://dev2dev.bea.com/pub/advisory/166
http://dev2dev.bea.com/pub/advisory/262
http://dev2dev.bea.com/pub/advisory/168
http://dev2dev.bea.com/pub/advisory/169
http://dev2dev.bea.com/pub/advisory/170
http://dev2dev.bea.com/pub/advisory/172
http://dev2dev.bea.com/pub/advisory/173
http://dev2dev.bea.com/pub/advisory/174
http://dev2dev.bea.com/pub/advisory/175
http://dev2dev.bea.com/pub/advisory/176

On February 19, 2008, the vendor issued a revision (BEA08-110.01), which supersedes advisory BEA06-110.00 and provides a revised fix for WebLogic Portal 7.0.

Advisory BEA06-106.01 supersedes advisory BEA05-106.00.

On May 15, 2006, the vendor issued a revision (BEA06-81.02), which supersedes BEA06-81.01 and BEA05-81.00:

http://dev2dev.bea.com/pub/advisory/196

On May 15, 2006, the vendor issued an updated advisory (BEA06-114.01) to clarify that version 8.1 Service Pack 5 includes the fix. BEA06-114.01 supersedes BEA06-114.00:

http://dev2dev.bea.com/pub/advisory/184

Vendor URL:  dev2dev.bea.com/advisoriesnotifications/
Cause:   Access control error, Input validation error, State error
Underlying OS:   Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Mon, 23 Jan 2006 15:30:57 -0500
Subject:  BEA Systems WebLogic vulnerabilities


> Security Advisory (BEA06-81.01, BEA06-106.01, BEA06-108.00, BEA06-109.00, 
> BEA06-110.00, BEA06-111.00, BEA06-112.00, BEA06-113.00, BEA06-114.00, BEA06-115.00, 
> BEA06-116.00, BEA06-117.00, BEA06-118.00, BEA06-119.00)

Copyright 2014, SecurityGlobal.net LLC