October 2005
AusCERT - BEA WebLogic - 24 security advisories released for WebLogic Server and WebLogic Express (AUSCERT ESB-2005.0815)
ID: 00904
Ref: 844/05
Date: 13 October 2005 15:21:20
Version: 1
Title: AusCERT - BEA WebLogic - 24 security advisories released for WebLogic Server and WebLogic Express (AUSCERT ESB-2005.0815)
Abstract: BEA Systems have released 24 security advisories for BEA WebLogic Server and WebLogic Express. Patches have now been released to fix these vulnerabilities.
Vendors affected: BEA Weblogic
Applications affected: BEA Weblogic
Detail
======
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2005.0815 -- BEA WebLogic
24 security advisories released for WebLogic Server and WebLogic Express
13 October 2005
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           BEA WebLogic Server 9.0 and prior
                   BEA WebLogic Express
Publisher:         BEA Systems
Operating System:  Windows
                   UNIX variants
Impact:            Access Privileged Data
                   Cross-site Scripting
                   Increased Privileges
                   Inappropriate Access
                   Denial of Service
                   Access Confidential Data
                   Provide Misleading Information
Access:            Remote/Unauthenticated
Original Bulletin: http://dev2dev.bea.com/advisoriesnotifications/
BEA Systems have released 24 security advisories for BEA WebLogic Server and
WebLogic Express. Patches have now been released to fix these vulnerabilities.
Details are as follows:
BEA05-107.00
Too many invalid login attempts allowed.
Affects: WLS 8.1 (-SP5), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/161
BEA05-106.00
Requests for a servlet doing relative forwarding may result in a
Denial-of-Service (DoS) attack.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/160
BEA05-105.00
Certain HTTP requests may be used to launch HTTP Request Smuggling attacks
on the server.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/159
BEA05-104.00
Auditing of MBean configuration changes may stop.
Affects: WLS 8.1 (-SP4)
Advisory: http://dev2dev.bea.com/pub/advisory/158
BEA05-103.00
Multicast data is not encrypted.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/157
BEA05-102.00
In specific circumstances, weblogic.Deployer communication with the
Administration server could be compromised.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/156
BEA05-101.00
The documentation has been updated to recommend multiple administrator
accounts.
Affects: WLS 9.0, WLS 8.1, WLS 7.0
Advisory: http://dev2dev.bea.com/pub/advisory/155
BEA05-100.00
A password might be exposed in some Subjects constructed by the
IIOP protocol.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/154
BEA05-99.00
The password used to boot the server may appear in clear text in the
Windows registry.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/153
BEA05-98.00
Sensitive system properties values are displayed in the server log.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/152
BEA05-97.00
Servlet resources may not be fully protected when using
fullyDelegateAuthorization mode in the Administration Console.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/151
BEA05-96.00
The passphrase for the private key used in the configuration of SSL
appears in cleartext when creating a WebLogic Server domain using
the Configuration Wizard.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/150
BEA05-95.00
Exporting security policies from one operating system and importing to
another operating system can lead to servlets being unprotected.
Affects: WLS 8.1, WLS 7.0
Advisory: http://dev2dev.bea.com/pub/advisory/149
BEA05-94.00
The local file system may be accessed remotely by a user granted the
Admin security role.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/148
BEA05-93.00
Servlet security constraint fails to properly protect root.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/147
BEA05-92.00
Principals from a derived Principal class may not be fully validated.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/146
BEA05-91.00
The passphrase for the Trust keystore appears in clear text in the
nodemanager.config file.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/145
BEA05-90.00
A patch is available to prevent users from accessing machine
information behind a firewall.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/144
BEA05-89.00
Audit events may be posted with incorrect severity.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/143
BEA05-88.00
A deployed application can change privileges from Deployer to Admin.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/142
BEA05-87.00
A malicious client can cause threads to hang on the server.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/138
BEA05-86.00
In specific circumstances, client/server communications are not using
the SSL connection as expected.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/141
BEA05-85.00
Client/server communications that do not specify a user are not protected
by the SSL protocol correctly.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/140
BEA05-80.02
Patches available to prevent multiple cross-site scripting (XSS)
vulnerabilities.
Affects: WLS 9.0, WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/139
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================