SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle WebLogic Vendors:   BEA Systems
WebLogic Portal Access Control Flaw May Grant Remote Users Access to Entitled Pages
SecurityTracker Alert ID:  1014759
SecurityTracker URL:  http://securitytracker.com/id/1014759
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 22 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): WebLogic Portal 8.1 through SP4
Description:   A vulnerability was reported in WebLogic Portal. A remote user may be able to access restricted pages.

A remote user can supply a specially crafted URL to gain access to all pages of a target Book even if the user is not entitled to access the pages.

Systems that use entitlements placed directly on desktop books, pages, or portlets are affected. Systems that use entitlements placed on Portals built from library books, pages, and portlets are not affected.

Impact:   A remote user may be able to access entitled pages that the user is not entitled to access.
Solution:   The vendor has issued a patch for WebLogic Portal 8.1 SP4, available at:

ftp://ftpna.beasys.com/pub/releases/security/patch_CR238578_81SP4.zip

Vendor URL:  dev2dev.bea.com/pub/advisory/137 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC