|
|
>> BEA WebLogic Information Disclosure and Security Bypass Vulnerabilities
|
Multiple vulnerabilities were identified in BEA WebLogic Server and WebLogic Express, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, or cause a denial of service.
The first issue is due to an access validation error when multiple domains are created on the same machine by the same WebLogic Server instance, which could cause the created domains to be accessible to any administrative users of any of the domains.
The second vulnerability is due to an access validation error in MBean, which could be exploited via a remote Java client to access protected MBean attributes or cause a denial of service attack on the server.
The third flaw is due to an access validation error in the server log, which could be exploited by remote authenticated users to disclose configuration information.
The fourth issue is due to an error in the WebLogic Auditing provider that writes a configuration audit event to the "DefaultAuditRecorder.log" file in clear-text when changing a password, which could be exploited by attackers to disclose changed passwords.
The fifth flaw is due to an error when handling application code (e.g. EJBs or servlets) installed on the server, which could be exploited by attackers to install a malicious application code designed to decrypt encrypted passwords on the server.
The sixth issue is due to an error where newly configured security providers appear to be active despite the fact that the server will not use them until a server reboot, which can result in a false sense of security.
The seventh issue is due to an error in the way connection filtering is handled internally, which in certain configurations and under certain conditions could cause server performance to slow down.
The eighth flaw is due to an error in the server's SSL identity protection, which could be exploited by an untrusted application running in the server to gain knowledge of sensitive information.
The ninth vulnerability is due to an error in the Console that does not properly create JNDI security policies, which could result in JNDI security policies being ignored allowing remote anonymous attackers to access certain resources.
Affected Products
BEA WebLogic Server 9.0 (all platforms)
BEA WebLogic Server 8.1 through Service Pack 5 (all platforms)
BEA WebLogic Server 7.0 through Service Pack 6 (all platforms)
BEA WebLogic Server 6.1 through Service Pack 7 (all platforms)
Solution
Apply service packs and patches :
ftp://ftpna.bea.com/pub/releases/security/
ftp://ftpna.beasys.com/pub/releases/security/
References
http://www.vupen.com/english/advisories/2006/0313
http://dev2dev.bea.com/pub/advisory/165
http://dev2dev.bea.com/pub/advisory/166
http://dev2dev.bea.com/pub/advisory/168
http://dev2dev.bea.com/pub/advisory/170
http://dev2dev.bea.com/pub/advisory/171
http://dev2dev.bea.com/pub/advisory/173
http://dev2dev.bea.com/pub/advisory/174
http://dev2dev.bea.com/pub/advisory/175
http://dev2dev.bea.com/pub/advisory/176
Credits
Vulnerabilities reported by the vendor
ChangeLog
2006-01-24 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
