Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
BEA WebLogic Server Multiple Bugs Let Remote Users Deny Service, Gain Elevated Privileges
SecurityTracker Alert ID:  1018057
SecurityTracker URL:
CVE Reference:   CVE-2007-2695, CVE-2007-2696, CVE-2007-2697, CVE-2007-2698, CVE-2007-2699, CVE-2007-2700, CVE-2007-2701, CVE-2007-2704
Updated:  Feb 21 2008
Original Entry Date:  May 14 2007
Impact:   Denial of service via network, Host/resource access via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.1, 7.0, 8.1, 9.0, 9.1
Description:   Several vulnerabilities were reported in BEA WebLogic Server. A remote user can gain elevated privileges on the target application. A remote user can cause denial of service conditions.

When the WebLogic HttpClusterServlet or HttpProxyServlet is configured with the 'SecureProxy' parameter, the system may serve external requests to back-end WebLogic servers using a system identity instead of the proxy's identity [BEA08-159.01, which supersedes BEA07-159.00]. As a result, a remote user may be able to gain access to certain administrative resources.

WebLogic JMS systems may fail to perform security access checks on the JMS back-end server [BEA07-160.00]. A remote user can bypass the front-end validation to read or write messages from a protected queue.

In certain configurations, the WebLogic Server embedded LDAP service does not limit or audit failed login attempts [BEA07-161.00]. A remote user can conduct unlimited brute-force password-guessing attacks to determine the administrator's password.

A remote authenticated user with privileges to access the WebLogic console may be able to view certain potentially sensitive Web Service attributes in clear text, including passwords used by credential providers and token handlers [BEA07-162.00].

The WebLogic Scripting Tool script generated by 'configToScript' may not encrypt sensitive attributes when creating a new domain [BEA07-163.00]. A local user or remote authenticated user with read access to configuration files may be able to view the clear text value of certain potentially sensitive attributes (e.g., node manager password).

A remote authenticated administrative user with the 'Deployer' role may be able to upload archives even if the Domain Security Policies restrict this ability [BEA07-164.01].

A WebLogic JMS Message Bridge that is configured without a destination username and password may allow a remote user to bypass security policy and send messages to a restricted queue [BEA07-165.00].

In specific configurations, a remote user can cause the SSL port to become unavailable [BEA07-168.00]. The WebLogic Server will continue to process requests received on other ports. The server must be restarted to return the SSL port to normal operations.
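
The following audit script is an added example, not part of this advisory or BEA's own tooling. It scans a web.xml for HttpClusterServlet/HttpProxyServlet entries that set 'SecureProxy' to ON (the condition behind BEA07-159) and a domain config.xml for JMS bridge destinations with no username or password (BEA07-165); the config.xml element names used here are assumed to follow the WebLogic 9.x schema, and the sample fragments are constructed.

```python
"""Audit WebLogic descriptors for two conditions this advisory describes:
a proxy servlet with SecureProxy ON (BEA07-159) and a JMS Message Bridge
destination without credentials (BEA07-165). config.xml element names
follow the WebLogic 9.x schema as assumed here; verify on your domain."""
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first direct child named `name`, or '' if absent."""
    return next((c.text or "" for c in elem if _local(c.tag) == name), "").strip()

def _named(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def secure_proxy_servlets(web_xml):
    """Names of HttpClusterServlet/HttpProxyServlet entries with SecureProxy ON."""
    hits = []
    for servlet in _named(ET.fromstring(web_xml), "servlet"):
        cls = _text(servlet, "servlet-class")
        if not cls.endswith(("HttpClusterServlet", "HttpProxyServlet")):
            continue
        for param in _named(servlet, "init-param"):
            if (_text(param, "param-name") == "SecureProxy"
                    and _text(param, "param-value").upper() == "ON"):
                hits.append(_text(servlet, "servlet-name"))
    return hits

def bridge_destinations_without_credentials(config_xml):
    """Bridge destination names lacking a user name or encrypted password."""
    return [_text(d, "name")
            for d in _named(ET.fromstring(config_xml), "jms-bridge-destination")
            if not (_text(d, "user-name") and _text(d, "user-password-encrypted"))]

# Constructed sample fragments, not taken from any real deployment.
SAMPLE_WEB_XML = """<web-app><servlet><servlet-name>cluster</servlet-name>
  <servlet-class>weblogic.servlet.proxy.HttpClusterServlet</servlet-class>
  <init-param><param-name>WebLogicCluster</param-name>
    <param-value>app1:7001|app2:7001</param-value></init-param>
  <init-param><param-name>SecureProxy</param-name>
    <param-value>ON</param-value></init-param></servlet></web-app>"""
SAMPLE_CONFIG_XML = """<domain xmlns="http://www.bea.com/ns/weblogic/920/domain">
  <jms-bridge-destination><name>OrdersSource</name><user-name>bridge</user-name>
    <user-password-encrypted>{AES}placeholder</user-password-encrypted>
  </jms-bridge-destination>
  <jms-bridge-destination><name>OrdersTarget</name></jms-bridge-destination>
</domain>"""
```

Run the two functions over your real descriptors; a non-empty result means the configuration matches the condition the corresponding BEA advisory covers and the vendor patch for that advisory should be verified as applied.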

Impact:   A remote user can gain elevated privileges on the target application.

A remote user can bypass security policies.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued several patches, each described in a separate advisory. The vendor advisories are available at:

On February 19, 2008, the vendor issued a revised fix for version 9.0 [BEA08-159.01 supersedes BEA07-159.00].

On May 23, 2007, BEA Systems issued a revised solution to replace the solution originally described in BEA07-164.00. The new advisory is numbered BEA07-164.01 but is available at the same URL as the old advisory:

Vendor URL:
Cause:   Access control error, Exception handling error
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.

Source Message Contents

[Original Message Not Available for Viewing]
