|
|
>> BEA Products Multiple Remote Denial of Service and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in various BEA products, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, disclose sensitive information, or bypass security restrictions. These issues are due to errors within the proxy services, entitlement policies, JRockit, audit events, proxy plug-in, access restrictions, EJB methods and calls, WS-Security runtime, certificate validation, thread management, certificate handling, SSL libraries, and user authorizations.
Affected Products
BEA AquaLogic Service Bus versions 2.0
BEA AquaLogic Service Bus versions 2.1
BEA AquaLogic Service Bus versions 2.5
BEA AquaLogic Enterprise Security versions 2.0
BEA AquaLogic Enterprise Security versions 2.1
BEA AquaLogic Enterprise Security versions 2.2
BEA WebLogic Server versions 9.2
BEA WebLogic Server versions 9.1
BEA WebLogic Server versions 9.0
BEA WebLogic Server versions 8.1
BEA WebLogic Server versions 7.0
BEA WebLogic Server versions 6.1
BEA WebLogic Portal versions 9.2
BEA WebLogic Platform versions 8.1
BEA WebLogic Server versions 8.1
BEA JRockit version 1.4.2 R24.5 and prior
Solution
Apply fixes :
http://edocs.bea.com/common/docs91/smart_update/quickrefax.html
References
http://www.vupen.com/english/advisories/2007/0213
http://dev2dev.bea.com/pub/advisory/225
http://dev2dev.bea.com/pub/advisory/224
http://dev2dev.bea.com/pub/advisory/223
http://dev2dev.bea.com/pub/advisory/222
http://dev2dev.bea.com/pub/advisory/221
http://dev2dev.bea.com/pub/advisory/220
http://dev2dev.bea.com/pub/advisory/219
http://dev2dev.bea.com/pub/advisory/218
http://dev2dev.bea.com/pub/advisory/217
http://dev2dev.bea.com/pub/advisory/216
http://dev2dev.bea.com/pub/advisory/215
http://dev2dev.bea.com/pub/advisory/214
http://dev2dev.bea.com/pub/advisory/213
http://dev2dev.bea.com/pub/advisory/212
http://dev2dev.bea.com/pub/advisory/211
http://dev2dev.bea.com/pub/advisory/210
http://dev2dev.bea.com/pub/advisory/209
http://dev2dev.bea.com/pub/advisory/208
http://dev2dev.bea.com/pub/advisory/207
http://dev2dev.bea.com/pub/advisory/206
http://dev2dev.bea.com/pub/advisory/205
http://dev2dev.bea.com/pub/advisory/204
http://dev2dev.bea.com/pub/advisory/203
http://dev2dev.bea.com/pub/advisory/202
http://dev2dev.bea.com/pub/advisory/201
http://dev2dev.bea.com/pub/advisory/200
http://dev2dev.bea.com/pub/advisory/199
http://dev2dev.bea.com/pub/advisory/198
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-jrockit-java-virtual-machine/
Credits
Vulnerabilities reported by the vendor and Wade Alcorn and Marcus Pinto (NGSSoftware).
ChangeLog
2007-01-17 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
