Technical Description

Multiple vulnerabilities were identified in BEA WebLogic Portal, which could be exploited by attackers to bypass security restrictions or gain knowledge of sensitive information.

The first issue is due to an error where the database password for the RDBMS Authentication provider is stored in cleartext in the "config.xml" file on the server's file system, which could be exploited by attackers to gain unauthorized access to database.

The second flaw is due to an error where the file source for deployment descriptors file is incorrectly served to the browser, which could be exploited by attackers to gain knowledge of sensitive information.

The third vulnerability is due to an input validation error in the Web Services Remote Portlets (WSRP), which could be exploited by attackers to access unintended web resources even if those resources are located behind a firewall.

Affected Products

BEA WebLogic Portal version 8.1 through Service Pack 5

Solution

Upgrade to WebLogic Portal 8.1 Service Pack 5 and apply the patch :
ftp://ftpna.beasys.com/pub/releases/security/patch_CR229017_81SP5.zip

References

http://www.vupen.com/english/advisories/2006/0312
http://dev2dev.bea.com/pub/advisory/167
http://dev2dev.bea.com/pub/advisory/169
http://dev2dev.bea.com/pub/advisory/172

Credits

Vulnerabilities reported by EPAM Systems and the vendor

ChangeLog

2006-01-24 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.