WebLogic Bugs Let Remote Users Gain Access, Obtain Information, and Deny Service
SecurityTracker Alert ID: 1017525|
SecurityTracker URL: http://securitytracker.com/id/1017525
CVE-2007-0409, CVE-2007-0410, CVE-2007-0411, CVE-2007-0412, CVE-2007-0413, CVE-2007-0414, CVE-2007-0415, CVE-2007-0416, CVE-2007-0417, CVE-2007-0418, CVE-2007-0419, CVE-2007-0420, CVE-2007-0421, CVE-2007-0422, CVE-2007-0424, CVE-2007-0425
(Links to External Site)
Updated: May 19 2008|
Original Entry Date: Jan 17 2007
Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network|
Version(s): 9.2 and prior versions|
Several vulnerabilities were reported in WebLogic. A remote user can gain administrative privileges. A remote user can cause denial of service conditions. A remote user can obtain sensitive information.|
A remote user can send specially crafted data to trigger a buffer overflow and execute arbitrary code on the target system.
A remote user can send specially crafted data to cause the target service to crash.
A remote user can obtain potentially sensitive information, such as MBeam passwords, various attributes, application files, user request data, and other information.
The specific BEA advisory numbers and descriptions are provided:
BEA07-136.00: JDBCDataSourceFactory MBean password field not encrypted
BEA07-137.00: Incorrect thread management may lead to server unavailability.
BEA07-138.00: Problem with certificate validation on WebLogic web service clients
BEA07-139.00: Application files are exposed when deploying via .ear or exploded .ear files.
BEA07-140.00: Sensitive attributes may be stored in clear-text after offline configuration
BEA07-141.00: Socket muxer threads may block when processing error pages under load.
BEA07-142.00: Dynamic updates to applications deployed as exploded jars may result in incorrect access checking
BEA07-143.00: WS-Security runtime fails to enforce decryption certificate
BEA07-144.00: Some EJB calls can be unintentionally executed with administrative privileges when using WebLogic Server 6.1 compatibility realm
BEA07-145.00: Permissions on EJB methods with array parameters may not be enforced
BEA07-146.00: Denial-of-service vulnerability in the proxy plug-in for Apache web server.
BEA07-147.00: Malformed HTTP requests may reveal data from previous requests
BEA07-148.00: Malformed headers may cause high disk consumption
BEA07-149.00: Security policy changes may not be seen by managed server.
BEA07-150.00: A Denial of Service attack is possible against a WebLogic Server running on Solaris 9
BEA07-152.00: Multiple vulnerabilities in WebLogic Server proxy plug-in for Netscape Enterprise Server
BEA07-155.00: An overflow condition may occur in products using BEA JRockit
A remote user can execute arbitrary code on the target system.|
A remote user can gain access to the system.
A remote user can cause denial of service conditions.
A remote user can obtain sensitive information.
The vendor has issued several, separate fixes.|
The original advisories are available at:
Access control error, Boundary error, Exception handling error, State error|
|Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)|
Source Message Contents
[Original Message Not Available for Viewing]
Go to the Top of This SecurityTracker Archive Page