SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
WebLogic Server Lets Remote Users Execute Some Administration Commands
SecurityTracker Alert ID:  1011227
SecurityTracker URL:  http://securitytracker.com/id/1011227
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 14 2004
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0 SP5, 8.1 SP2; and prior
Description:   A vulnerability was reported in the Administration server of WebLogic Server and WebLogic Express. A remote user may be able to execute application commands on the target system.

BEA Systems reported that a remote user with RMI access to the administration server can execute some 'weblogic.Admin' commands. A remote user may be able to cause damage to the server or obtain configuration information.

Impact:   A remote user with RMI access to the administration server can execute some 'weblogic.Admin' administrative commands.
Solution:   The vendor has provided the following fix information [quoted]:

* For WebLogic Server 8.1: Upgrade to WebLogic Server 8.1 Service Pack 3.
* For WebLogic Server 7.0, perform the following steps:
  1. Upgrade to WebLogic Server 7.0 Service Pack 5.
  2. Download the following file: ftp://ftpna.beasys.com/pub/releases/security/CR125592_70sp5.ZIP
  3. Extract the .jar file from the archive, and use the enclosed instructions to apply the .jar file to your installation.

The fix will be included in WebLogic Server 7.0 Service Pack 6.

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-66.00.jsp
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.

Source Message Contents:   [Original Message Not Available for Viewing]
Copyright 2019, SecurityGlobal.net LLC