|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
BEA WebLogic Express and WebLogic Server contains a flaw that may allow a malicious user to delete a remote Enterprise JavaBean (EJB) object reguardless of permissions. The issue is triggered when the application invokes a remove() method from the EJB. It is possible that the flaw may allow the EJB object to be unexported resulting in a loss of availability.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Denial of Service,
Other
Impact:
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to version 6.1 SP6 CR134122 or higher, 7.0 SP5 or higher, or 8.1 SP2 CR134122 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
WebLogic Server
 |
6.1 |
7.0 |
8.1 |
6.1 SP6 |
7.0 SP4 |
8.1 SP2 |
7.0 SP1 |
7.0 SP2 |
7.0 SP3 |
8.1 SP1 |
6.1 SP1 |
6.1 SP2 |
6.1 SP3 |
6.1 SP4 |
6.1 SP5 |
WebLogic Express
|
6.1 |
7.0 |
8.1 |
6.1 SP6 |
7.0 SP4 |
8.1 SP2 |
7.0 SP1 |
7.0 SP2 |
7.0 SP3 |
8.1 SP1 |
6.1 SP1 |
6.1 SP2 |
6.1 SP3 |
6.1 SP4 |
6.1 SP5 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
