Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
WebLogic Express and WebLogic Server contain a flaw that may allow a remote attacker to gain unauthorized privileges. The issue is triggered when a weblogic.xml file is edited through WebLogic Builder or the SecurityRoleAssignmentMBean.toXML() method, which causes the permissions to reset to defaults, allowing access to the web application. This flaw may lead to a loss of confidentiality.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related
|
|
Solution |
Currently, there are no known workarounds to correct this issue. However, BEA Systems has released the following solution to address this vulnerability:
For WebLogic Server and WebLogic Express 7.0: Upgrade to version 7.0 Service Pack 5 and apply the appropriate patch
For WebLogic Server and WebLogic Express 8.1: Upgrade to version 8.1 Service Pack 2 and apply the appropriate patch
|
|
Products |
WebLogic Server: 7.0, 7.0 SP1, 7.0 SP2, 7.0 SP3, 7.0 SP4, 8.1, 8.1 SP1
WebLogic Express: 7.0, 7.0 SP1, 7.0 SP2, 7.0 SP3, 7.0 SP4, 8.1, 8.1 SP1
|
|
|
|
Credit |
Unknown or Incomplete