Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
WebLogic Active Directory LDAP Error May Fail to Disable User Accounts
SecurityTracker Alert ID:  1011233
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 14 2004
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0 SP5 and 8.1 SP2; and prior service packs
Description:   A vulnerability was reported in WebLogic Server and WebLogic Express when using an Active Directory LDAP server. Some disabled user accounts may remain enabled.

BEA Systems reported that when an Active Directory LDAP server is used as the authentication database and a user account is disabled but not deleted, the disabled user account remains enabled.

Impact:   A remote authenticated user may be able to access their disabled account.
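
A detection check for the condition described above, added here as an example and not part of the advisory or of the vendor's fix: it cross-references a directory export against application login records and reports successful logins by accounts that Active Directory marks as disabled. The ACCOUNTDISABLE bit (0x2) of `userAccountControl` is Active Directory's own flag; the sample export, the log line format and the function names are constructed for illustration.

```python
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl bit Active Directory sets on a disabled account
# Constructed LDIF-style directory export (sample data, not from the advisory).
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=bob,OU=Staff,DC=example,DC=test
sAMAccountName: bob
userAccountControl: 514

dn: CN=carol,OU=Staff,DC=example,DC=test
sAMAccountName: Carol
userAccountControl: 66050
"""
# Constructed login audit lines in a hypothetical format (not WebLogic's own log format).
SAMPLE_LOG = """\
2004-09-14T09:01:12 login user=alice result=success
2004-09-14T09:03:40 login user=bob result=success
2004-09-14T09:05:02 login user=carol result=failure
2004-09-14T09:07:55 login user=BOB result=success
"""
LOGIN_RE = re.compile(r"^(\S+) login user=(\S+) result=(\w+)$")

def disabled_accounts(ldif_text):
    """Return lower-cased sAMAccountName values whose ACCOUNTDISABLE bit is set."""
    disabled = set()
    for block in ldif_text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        attrs = {key.lower(): value.strip() for key, sep, value in pairs if sep}
        name, uac = attrs.get("samaccountname"), attrs.get("useraccountcontrol", "")
        if name and uac.isdigit() and int(uac) & ACCOUNTDISABLE:
            disabled.add(name.lower())  # account names compare case-insensitively
    return disabled

def disabled_logins(ldif_text, log_text):
    """Return (timestamp, user) for every successful login by a disabled account."""
    disabled = disabled_accounts(ldif_text)
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m and m.group(3) == "success" and m.group(2).lower() in disabled:
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    print(disabled_logins(SAMPLE_LDIF, SAMPLE_LOG))
```
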
Solution:   The vendor has provided the following solution information [quoted]:

* For WebLogic Server 8.1: Upgrade to WebLogic Server 8.1 Service Pack 3.

* For WebLogic Server 7.0 perform the following steps:
1. Upgrade to WebLogic Server 7.0 Service Pack 5
2. Download the file
3. Rename this file wlSecurityProviders.jar
4. Replace your existing copy of wlSecurityProviders.jar with the renamed file; the file is typically located in

The fix will be included in WebLogic Server 7.0 Service Pack 6.

Vendor URL:
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.
