Secunia Security Advisory - This particular advisory sums up about a dozen BEA WebLogic advisories. Everything from security bypass, manipulation of data, exposure of system information, and denial of service vulnerabilities exist for BEA WebLogic Server 6.x, 7.x, 8.x and BEA WebLogic Express 6.x, 7.x, 8.x.
a8b408b4ca8d5290596e88b195650c59c004b17123c3195ba681344f76dd2147
TITLE:
BEA WebLogic Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA12524
VERIFY ADVISORY:
http://secunia.com/advisories/12524/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS
WHERE:
>From remote
SOFTWARE:
BEA WebLogic Server 8.x
http://secunia.com/product/1360/
BEA WebLogic Server 7.x
http://secunia.com/product/754/
BEA WebLogic Server 6.x
http://secunia.com/product/753/
BEA WebLogic Express 8.x
http://secunia.com/product/1843/
BEA WebLogic Express 7.x
http://secunia.com/product/1282/
BEA WebLogic Express 6.x
http://secunia.com/product/1281/
DESCRIPTION:
Multiple vulnerabilities have been reported in WebLogic, where the
most critical can be exploited by malicious people to access
sensitive information.
1) Internal server objects bounded into the JNDI tree are
insufficiently protected. This can be exploited using a malicious
object to access sensitive information or cause a DoS (Denial of
Service) by unbinding the server object.
Successful exploitation requires access to the JNDI tree.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms
* WebLogic Server / Express 7.0, released through Service Pack 5, on
all platforms
* WebLogic Server / Express 6.1, released through Service Pack 6, on
all platforms
2) Insufficient authorization on some weblogic.Admin commands can be
exploited to execute these commands without supplying a username and
password.
Successful exploitation can cause a DoS or potentially be used to
access configuration information.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms
* WebLogic Server / Express 7.0, released through Service Pack 5, on
all platforms
3) A problem exists concerning installations where the OS provides
case-sensitive filenames and cross-mounts directories containing web
applications from an OS that does not support case-sensitive
filenames. This can potentially cause incorrectly evaluated URL
patterns in web.xml to not properly protect resources.
The vulnerability reportedly affects:
* For WebLogic Server / Express 8.1, released through Service Pack 2,
on non-Windows platforms
* For WebLogic Server / Express 7.0, released through Service Pack 5,
on non-Windows platforms
* For WebLogic Server / Express 6.1, released through Service Pack 6,
on non-Windows platforms
4) A problem caused due to storing clear text passwords embedded in
some command-line utilities and administrative tasks. This can e.g.
be exploited by any malicious, local user who can read the utility
source to get access to the password.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms.
* WebLogic Server / Express 7.0, released through Service Pack 4, on
all platforms.
* WebLogic Server / Express 6.1, released through Service Pack 6, on
all platforms.
5) A problem caused due to the password in certain situations being
echoed back to the the administrator when booting the server on the
Linux operating system via the WebLogic Administrative Console. This
may potentially disclose the administrator's password to other
people.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
Linux
* WebLogic Server / Express 7.0, released through Service Pack 5, on
Linux
* WebLogic Server / Express 6.1, released through Service Pack 6, on
Linux
6) A problem caused due to the server version being sent in a HTTP
header can be exploited by sending a HTTP request to retrieve the
version number of the current running server. Malicious people can
use this information to check if a system is vulnerable to a specific
issue.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms
* WebLogic Server / Express 7.0, released through Service Pack 5, on
all platforms
* WebLogic Server / Express 6.1, released through Service Pack 6, on
all platforms
7) The vulnerability is caused due to an internal error, which can
cause an application to be left with incomplete security roles and
policies. This will however only happen if the internal error occurs
in one of the security providers during deployment. This can be
exploited to compromise application security.
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms
* WebLogic Server / Express 7.0, released through Service Pack 5, on
all platforms
8) Insufficient restrictions on disabled users can be exploited to
logon even though the user account has been disabled (but not
deleted).
The vulnerability reportedly affects:
* WebLogic Server / Express 8.1, released through Service Pack 2, on
all platforms when Active Directory LDAP server is used for
authentication
* WebLogic Server / Express 7.0, released through Service Pack 5, on
all platforms when Active Directory LDAP server is used for
authentication
9) Certain sensitive data and configuration information may be sent
in clear-text and can e.g. be exploited to access and potentially
replace configuration information.
Successful exploitation requires that a person can sniff network
traffic and that the administrator port is not enabled.
The issue reportedly affects the following versions:
* WebLogic Server / Express 8.1 on all platforms
* WebLogic Server / Express 7.0 on all platforms.
SOLUTION:
Patches are available (see the original vendor advisories).
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-65.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-66.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-67.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-68.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-69.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-70.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-71.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-72.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-73.00.jsp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed