SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
BEA Systems WebLogic Server and Express May Return a Response to the Wrong Remote User
SecurityTracker Alert ID:  1005310
SecurityTracker URL:  http://securitytracker.com/id/1005310
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 28 2002
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): WebLogic Server and Express 6.1, 6.1 SP1, 7.0 and 7.0.0.1.
Description:   An information disclosure vulnerability was reported in BEA Systems WebLogic application server. A remote user may receive an HTTP response intended for a different remote user.

BEA reports that WebLogic Server and Express buffer response data to improve performance. However, a defect in the buffer mechanism may return that buffered data to a different remote user, in reply to an unrelated request from that other user.

According to the report, this defect occurs rarely. It also occurs randomly and apparently cannot be triggered deliberately by a user.

Impact:   A remote user may view information intended for a different user.

[Editor's note: Although the report does not explicitly indicate so, it may be possible that a remote user could receive an authentication cookie or authentication information intended for a different user, potentially granting access to the wrong user.]
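The defect class described above and in the editor's note, as an added, constructed model that is not BEA's or SecurityTracker's code and does not claim to be the actual WebLogic implementation: a pooled response buffer that is reused for the next request without being reset, so the tail of one user's longer response (Set-Cookie header included) is flushed to the next user. The `clear_on_release` flag selects the corrected behaviour.

```python
from __future__ import annotations
from collections import deque


class ResponseBufferPool:
    """Hands out reusable bytearrays; clear_on_release selects the fixed behaviour."""

    def __init__(self, clear_on_release: bool) -> None:
        self._free: deque[bytearray] = deque()
        self.clear_on_release = clear_on_release

    def acquire(self) -> bytearray:
        return self._free.popleft() if self._free else bytearray()

    def release(self, buf: bytearray) -> None:
        if self.clear_on_release:
            buf.clear()  # fixed: no stale bytes survive into the next request
        self._free.append(buf)


def write_response(pool: ResponseBufferPool, body: bytes) -> bytes:
    """Modelled defect (hypothetical, not the real WebLogic code): the handler
    writes from offset 0 but never truncates, so the whole buffer, stale tail
    included, is what goes on the wire."""
    buf = pool.acquire()
    buf[:len(body)] = body
    sent = bytes(buf)
    pool.release(buf)
    return sent


# Constructed sample traffic: two users served back to back by one worker.
ALICE_RESPONSE = (b"HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=alice-session-id\r\n\r\n"
                  b"Welcome back, alice. Account balance: 1,234.56")
BOB_RESPONSE = b"HTTP/1.1 200 OK\r\n\r\nOK"


def serve_two_users(clear_on_release: bool) -> tuple[bytes, bytes]:
    pool = ResponseBufferPool(clear_on_release)
    return write_response(pool, ALICE_RESPONSE), write_response(pool, BOB_RESPONSE)


def leaked_bytes(expected: bytes, actual: bytes) -> bytes:
    """Bytes sent that the handler never wrote for this request: the cross-user leak."""
    return actual[len(expected):] if actual.startswith(expected) else actual


if __name__ == "__main__":
    _, bob_stale = serve_two_users(clear_on_release=False)
    _, bob_fixed = serve_two_users(clear_on_release=True)
    print("stale pool leaks:", leaked_bytes(BOB_RESPONSE, bob_stale))
    print("cleared pool leaks:", leaked_bytes(BOB_RESPONSE, bob_fixed))
```

In the stale-pool run Bob's response carries Alice's session cookie and page body; in the cleared-pool run it is exactly the bytes the handler wrote.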

Solution:   The vendor has released WebLogic Server 7.0 Service Pack 1 and WebLogic Server 6.1, Service Pack 3 to correct the problem.

Service Packs and related information are available at:

http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesno
Cause:   Access control error, Resource error
Underlying OS:  Linux (Red Hat Linux), Linux (SuSE), OpenVMS, UNIX (AIX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.


Source Message Contents

Subject:  BEA02-20.00


http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2FAdvisories_BEA02-20.htm

BEA Systems released a security advisory (BEA02-20.00) warning of a
vulnerability in certain versions of BEA WebLogic Server and Express:

BEA WebLogic Server and Express 6.1, 6.1 SP1, 7.0 and 7.0.0.1.

BEA reports that HTTP response data may be shared between two users.  This is due
to a defect in a WebLogic Server buffer (response data is buffered for better
performance, according to the report).  BEA indicates that the inadvertent
sharing of buffer data occurs only rarely and is a random event -- it apparently
cannot be prompted by a user.

BEA has released WebLogic Server 7.0 Service Pack 1 and WebLogic Server 6.1,
Service Pack 3 to correct the problem.

Service Packs and related information are available at:

http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

Severity: Moderate

Threat Level: Low


Copyright 2020, SecurityGlobal.net LLC