|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
BEA WebLogic Server and BEA WebLogic Express contain a flaw that may allow a malicious user to gain access to unauthorized resources. The issue is triggered when a Web application has specified a role of name * in a <role-name> tag contained within a <security-constraint> tag. This flaw may lead to a loss of Confidentiality.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation,
Misconfiguration
Impact:
Loss of Confidentiality
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Solution |
Upgrade to versions 7.0 SP6, 8.1 SP3 or higher when they become available, as they have been reported to fix this vulnerability. The vendor has also released a set of patches that can be applied to version 7.0 SP5 and 8.1 SP2.
|
|
Products |
|
WebLogic Server
 |
7.0 |
8.1 |
7.0 SP4 |
8.1 SP2 |
7.0 SP1 |
7.0 SP2 |
7.0 SP3 |
8.1 SP1 |
7.0 SP5 |
WebLogic Express
|
7.0 |
8.1 |
7.0 SP4 |
8.1 SP2 |
7.0 SP1 |
7.0 SP2 |
7.0 SP3 |
8.1 SP1 |
7.0 SP5 |
|
|
|
|
Credit |
- BEA Systems - BEA Systems
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
