SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Server/CGI)  >   Oracle WebLogic Vendors:   BEA Systems
WebLogic Bugs Let Remote Users Gain Access, Obtain Information, and Deny Service
SecurityTracker Alert ID:  1017525
SecurityTracker URL:  http://securitytracker.com/id/1017525
CVE Reference:   CVE-2007-0409, CVE-2007-0410, CVE-2007-0411, CVE-2007-0412, CVE-2007-0413, CVE-2007-0414, CVE-2007-0415, CVE-2007-0416, CVE-2007-0417, CVE-2007-0418, CVE-2007-0419, CVE-2007-0420, CVE-2007-0421, CVE-2007-0422, CVE-2007-0424, CVE-2007-0425   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Jan 17 2007
Impact:   Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network

Version(s): 9.2 and prior versions
Description:   Several vulnerabilities were reported in WebLogic. A remote user can gain administrative privileges. A remote user can cause denial of service conditions. A remote user can obtain sensitive information.

A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system.

A remote user can send specially crafted data to cause the target service to crash.

A remote user can obtain potentially sensitive information, such as MBeam passwords, various attributes, application files, user request data, and other information.

The specific BEA advisory numbers and descriptions are provided:

BEA07-136.00: JDBCDataSourceFactory MBean password field not encrypted

BEA07-137.00: Incorrect thread management may lead to server unavailability.

BEA07-138.00: Problem with certificate validation on WebLogic web service clients

BEA07-139.00: Application files are exposed when deploying via .ear or exploded .ear files.

BEA07-140.00: Sensitive attributes may be stored in clear-text after offline configuration

BEA07-141.00: Socket muxer threads may block when processing error pages under load.

BEA07-142.00: Dynamic updates to applications deployed as exploded jars may result in incorrect access checking

BEA07-143.00: WS-Security runtime fails to enforce decryption certificate

BEA07-144.00: Some EJB calls can be unintentionally executed with administrative privileges when using WebLogic Server 6.1 compatibility realm

BEA07-145.00: Permissions on EJB methods with array parameters may not be enforced

BEA07-146.00: Denial-of-service vulnerability in the proxy plug-in for Apache web server.

BEA07-147.00: Malformed HTTP requests may reveal data from previous requests

BEA07-148.00: Malformed headers may cause high disk consumption

BEA07-149.00: Security policy changes may not be seen by managed server.

BEA07-150.00: A Denial of Service attack is possible against a WebLogic Server running on Solaris 9

BEA07-152.00: Multiple vulnerabilities in WebLogic Server proxy plug-in for Netscape Enterprise Server

BEA07-155.00: An overflow condition may occur in products using BEA JRockit

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can gain access to the system.

A remote user can cause denial of service conditions.

A remote user can obtain sensitive information.

Solution:   The vendor has issued several, separate fixes.

The original advisories are available at:

http://dev2dev.bea.com/pub/advisory/203
http://dev2dev.bea.com/pub/advisory/204
http://dev2dev.bea.com/pub/advisory/205
http://dev2dev.bea.com/pub/advisory/206
http://dev2dev.bea.com/pub/advisory/207
http://dev2dev.bea.com/pub/advisory/208
http://dev2dev.bea.com/pub/advisory/209
http://dev2dev.bea.com/pub/advisory/210
http://dev2dev.bea.com/pub/advisory/211
http://dev2dev.bea.com/pub/advisory/212
http://dev2dev.bea.com/pub/advisory/213
http://dev2dev.bea.com/pub/advisory/214
http://dev2dev.bea.com/pub/advisory/215
http://dev2dev.bea.com/pub/advisory/216
http://dev2dev.bea.com/pub/advisory/217
http://dev2dev.bea.com/pub/advisory/219
http://dev2dev.bea.com/pub/advisory/222

Cause:   Access control error, Boundary error, Exception handling error, State error
Underlying OS:   Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents

Date:  Wed, 17 Jan 2007 00:03:33 -0500
Subject:  BEA WebLogic


http://dev2dev.bea.com/pub/advisory/203
http://dev2dev.bea.com/pub/advisory/204
http://dev2dev.bea.com/pub/advisory/205
http://dev2dev.bea.com/pub/advisory/206
http://dev2dev.bea.com/pub/advisory/207
http://dev2dev.bea.com/pub/advisory/208
http://dev2dev.bea.com/pub/advisory/209
http://dev2dev.bea.com/pub/advisory/210
http://dev2dev.bea.com/pub/advisory/211
http://dev2dev.bea.com/pub/advisory/212
http://dev2dev.bea.com/pub/advisory/213
http://dev2dev.bea.com/pub/advisory/214
http://dev2dev.bea.com/pub/advisory/215
http://dev2dev.bea.com/pub/advisory/216
http://dev2dev.bea.com/pub/advisory/217
http://dev2dev.bea.com/pub/advisory/219
http://dev2dev.bea.com/pub/advisory/222
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC