Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
BEA WebLogic Custom Trust Manager Flaw May Let Remote Users Impersonate Target Users or Servers
SecurityTracker Alert ID:  1009765
SecurityTracker URL:  http://securitytracker.com/id/1009765
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 13 2004
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.1 through Service Pack 2; 7.0 through Service Pack 4
Description:   A vulnerability was reported in WebLogic Server and WebLogic Express, affecting sites that use custom trust managers. A remote user may be able to impersonate a target user or server.

BEA reported that a certificate chain that has passed WebLogic's built-in validation may be accepted even when the site's custom trust manager rejects it. As a result, a remote user presenting such a chain may be able to use two-way SSL to impersonate a target user or, when outbound SSL is used, to impersonate a target server.

When a WebLogic Server validates a certificate chain, the vulnerability may occur either during an inbound two-way SSL request (i.e., when the client's certificate chain is validated) or during an outbound SSL request (i.e., when the remote server's certificate chain is validated), the report said.
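The two validation paths the advisory describes, reconstructed as an added example that is not BEA's or SecurityTracker's code. It uses Go's crypto/tls as a stand-in for WebLogic: VerifyPeerCertificate plays the role of the custom trust manager, and RootCAs/ClientCAs with RequireAndVerifyClientCert play the built-in chain validation. The CA, the certificate names (test-ca, localhost, admin, other) and the CN-pinning policy are constructed for the example. It exercises the behaviour a patched server must have: a client certificate that chains correctly but is rejected by the custom policy fails the inbound two-way SSL handshake, and an outbound connection to a server whose certificate is valid but is not the one the policy expects fails as well.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue mints a test certificate for cn signed by parent (a self-signed CA when parent is nil).
func issue(serial int64, cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, eku ...x509.ExtKeyUsage) (tls.Certificate, *x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku, BasicConstraintsValid: true}
	if parent == nil { // self-signed CA
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, key
}

// newPKI builds a constructed in-memory PKI: one CA and leaf certs keyed by CN. Every leaf
// chains to the CA, so built-in validation accepts all of them; only the policy hook tells them apart.
func newPKI() (*x509.CertPool, map[string]tls.Certificate) {
	_, ca, caKey := issue(1, "test-ca", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	certs := map[string]tls.Certificate{}
	certs["localhost"], _, _ = issue(2, "localhost", ca, caKey, x509.ExtKeyUsageServerAuth)
	certs["admin"], _, _ = issue(3, "admin", ca, caKey, x509.ExtKeyUsageClientAuth)
	certs["other"], _, _ = issue(4, "other", ca, caKey, x509.ExtKeyUsageClientAuth)
	return pool, certs
}

// pinCN is the custom trust manager. crypto/tls calls it only after built-in chain validation
// succeeded, passing the validated chains; a non-nil error aborts the handshake. That is the
// contract the BEA patch restores: a rejection by the custom manager is final.
func pinCN(expected string) func([][]byte, [][]*x509.Certificate) error {
	return func(_ [][]byte, chains [][]*x509.Certificate) error {
		if len(chains) == 0 { // built-in validation was skipped: never treat that as a pass
			return fmt.Errorf("custom trust manager: no validated chain")
		}
		if cn := chains[0][0].Subject.CommonName; cn != expected {
			return fmt.Errorf("custom trust manager rejected CN=%q", cn)
		}
		return nil
	}
}

// policyConfig layers the policy on built-in validation; one config serves as server
// (inbound two-way SSL) and as client (outbound SSL).
func policyConfig(pool *x509.CertPool, own tls.Certificate, expectedPeerCN string) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{own},
		RootCAs:      pool, ClientCAs: pool, ServerName: "localhost",
		ClientAuth:            tls.RequireAndVerifyClientCert,
		VerifyPeerCertificate: pinCN(expectedPeerCN),
		// TLS 1.2 so a server-side rejection also fails the client's Handshake(); under 1.3 the
		// client would only notice on its first Read.
		MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
	}
}

// handshake runs one two-way handshake over loopback TCP and returns both sides' errors.
func handshake(srv, cli *tls.Config) (srvErr, cliErr error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
			c.Close()
		}
		done <- err
	}()
	if c, err := tls.Dial("tcp", ln.Addr().String(), cli); err == nil {
		c.Close()
	} else {
		cliErr = err
	}
	return <-done, cliErr
}

func main() {
	pool, certs := newPKI()
	fmt.Println(handshake(policyConfig(pool, certs["localhost"], "admin"), policyConfig(pool, certs["other"], "localhost")))
}
```

The `len(chains) == 0` guard is the caveat worth keeping in any real policy hook: crypto/tls also invokes VerifyPeerCertificate when built-in validation is disabled (InsecureSkipVerify, RequireAnyClientCert), with an empty chain list, and a hook that only inspects the raw certificates would silently lose the built-in step. After applying a patch like BEA's, the same three handshakes (allowed client, valid-chain-but-rejected client, valid-but-unexpected server) are the regression check to run against the real server.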

Impact:   A remote user may be able to impersonate a target user or a target server.
Solution:   For WebLogic Server and WebLogic Express version 8.1, the vendor recommends that you upgrade to SP2 or SP3 and install the following patch:

ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar

For WebLogic Server and WebLogic Express version 7.0, the vendor recommends that you upgrade to SP5.

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp



 > Security Advisory:(BEA04-54.00)

 > From: BEA Systems Inc.

 > Minor Subject: Patches available to prevent user impersonation.

 > Product(s) Affected: WebLogic Server and WebLogic Express

A vulnerability was reported in WebLogic Server and WebLogic Express affecting sites that 
use custom trust managers.

If a WebLogic Server is validating a certificate chain, the vulnerability may occur either 
during an inbound 2-way SSL request (i.e., when the user's certificate is validated) or 
during an outbound SSL request (i.e., when the remote server's certificate chain is 
validated), the report said.

It is reported that a certificate chain that has passed the built-in validation may be 
accepted even when the custom trust manager rejects it.  As a result, a remote user may be 
able to use two-way SSL to impersonate a target user or, when outbound SSL is used, 
impersonate a target server.

The following versions are affected:

8.1 Service Pack 2 and prior
7.0 Service Pack 4 and prior.


For WebLogic Server and WebLogic Express version 8.1, the vendor recommends that you 
upgrade to SP2 or SP3 and install the following patch:

ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar

For WebLogic Server and WebLogic Express version 7.0, the vendor recommends that you 
upgrade to SP5.


 > Threat level: Medium - A remote attacker, when 2-way SSL is used with a custom trust
 > manager, might be able to exploit this vulnerability.
 > Severity: High - A successful attacker could impersonate a system administrator or a
 > remote server.

 
 


Copyright 2018, SecurityGlobal.net LLC