|
BEA WebLogic Exposure of Password to Operators
|
|
|
|
|
Secunia Advisory:
|
SA10727
|
|
|
Release Date:
|
2004-01-27
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | BEA WebLogic Express 8.x
BEA WebLogic Server 8.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
BEA has reported a vulnerability in WebLogic, which allows operators to gain knowledge of passwords.
The problem is that operators have access to the "ServerStartMBean.Password" and "NodeManagerMBean.CertificatePassword" attributes, which contain passwords. This can be exploited to gain administrative privileges.
The vulnerability affects WebLogic Server and Express 8.1 Service Pack 1 and prior on all platforms.
Solution:
Upgrade to Service Pack 2.
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_49.00.jsp
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
37 Related Secunia Security Advisories, displaying 10
|
|
|
1. Oracle WebLogic Server Apache Connector Buffer Overflow Vulnerability
|
|
2. Oracle Products Multiple Vulnerabilities
|
|
3. BEA WebLogic Products Multiple Vulnerabilities
|
|
4. BEA WebLogic Multiple Vulnerabilities and Security Issues
|
|
5. BEA Products Multiple Vulnerabilities
|
|
6. BEA WebLogic Multiple Vulnerabilities and Security Issues
|
|
7. BEA WebLogic Server/Express Multiple Security Issues
|
|
8. BEA WebLogic Server/Express Two Vulnerabilities
|
|
9. BEA WebLogic Server/Express Vulnerabilities and Security Issues
|
|
10. BEA WebLogic 24 Vulnerabilities and Security Issues
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
