NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q3

[sec-adv] BEA WebLogic Server / Express Administrator Password Disclosure Vulnerability

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jul 11 2003 - 05:16:36 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
BEA WebLogic Server / Express Administrator Password Disclosure
Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9232/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information, Privilege escalation

WHERE:
Local system

SOFTWARE:
BEA WebLogic Server 7.x
BEA WebLogic Express 7.x
BEA WebLogic Server 8.x
BEA WebLogic Express 8.x

DESCRIPTION:
A vulnerability has been identified in BEA WebLogic Server and
Express, which can be exploited by malicious Operator users to
potentially gain knowledge of Administrator users' passwords.

The vulnerability is caused due to an access control error, since
users in the Operator role have both read and write access to the
username and password used for remote starting of servers. If these
credentials belong to a user in the Admin role, this could then be
exploited to gain higher privileges.

The vulnerability affects the following versions:
- WebLogic Server and Express 8.1 (all platforms)
- WebLogic Server and Express 7.0 and 7.0.0.1 (all platforms)

NOTE: The vulnerability only occurs when the Node Manager is used,
and there are users in the Operator role, who are not also in the
Admin role.

SOLUTION:
Apply patch.

WebLogic Server and Express 8.1:
ftp://ftpna.beasys.com/pub/releases/security/CR105809_81_ga.jar

For WebLogic Server and Express 7.0 and 7.0.0.1 (requires SP2):
ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar

ORIGINAL ADVISORY:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]