From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Jul 11 2003 - 05:50:37 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
BEA WebLogic Server / Express Unauthorised Console Access
Vulnerability

READ ONLINE:
http://www.secunia.com/advisories/9231/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
BEA WebLogic Express 7.x
BEA WebLogic Server 7.x

DESCRIPTION:
A vulnerability has been identified in BEA WebLogic Server and
Express, which can be exploited by malicious people to gain
unautorised access to the console.

The problem is that it is possible to gain access to console through
the managed server's listen port when MSI (Managed Server
Independence) is used and a firewall or content filter restricts
access to the console.

The vulnerablity affects the following versions:
- WebLogic Server and Express 7.0 and 7.0.0.1 (all platforms)

SOLUTION:
Apply patch (requires SP2):
ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

ORIGINAL ADVISORY:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-32.jsp

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]