Title: Multiple BEA WebLogic Applications Multiple Vulnerabilities
Severity: HIGH
Description:
WebLogic platforms are enterprise-level application servers distributed by BEA Systems.
Multiple BEA WebLogic applications are affected by the following vulnerabilities:
- Multiple undisclosed cross-site scripting vulnerabilities occur because the software fails to adequately validate user-supplied input. This issue is being tracked by security advisory BEA07-80.03. This bulletin has been replaced by BEA08-80.04.
http://dev2dev.bea.com/pub/advisory/232
- Multiple information-disclosure vulnerabilities occur because password data supplied to the 'cnsbind', 'cnsunbind', and 'cnsls' commands may be returned to the screen in clear text. This issue is being tracked by security advisory BEA07-158.00.
- Multiple privilege-escalation vulnerabilities affect WebLogic servers when HttpClusterServlet or HttpProxyServlet is configured with the 'SecureProxy' parameter. External requests to the WebLogic backend may be served by a privileged system identity instead of the proxy's identity. This can allow attackers to access certain administrative resources. This issue is being tracked by security advisory BEA07-159.00. This bulletin has been replaced by BEA08-159.01.
- A security-bypass vulnerability occurs due to a lack of authentication on JMS backend servers. Attackers could exploit this issue to read and write messages on an unauthorized queue. This issue is being tracked by security advisory BEA07-160.00.
- A brute-force attack is possible on servers with certain configurations because the software fails to limit authentication attempts by users inside the firewall. An attacker can exploit this issue to determine the administrative password or to cause denial-of-service conditions. This issue is being tracked by security advisory BEA07-161.00.
- An information-disclosure vulnerability occurs because security properties specified via the Administration Console may be displayed in clear text. Users authorized to access the console may gain access to sensitive information that can aid in further attacks. This issue is being tracked by security advisory BEA07-162.00.
- An information-disclosure vulnerability presents itself when the 'configToScript' command is used to convert existing server configuration data to an executable script. The script contains data sufficient to create a new WebLogic domain. Attackers can view some of the data in the script, such as the node-manager password, which is not encrypted. This issue is being tracked by security advisory BEA07-163.00.
- A security-bypass issue occurs because the Administration Console ignores certain Domain Security Policies that limit deployment, updates, and file-upload permissions. This allows users with restricted access to the Administration Console to upload arbitrary files for deployment. This issue is being tracked by security advisory BEA07-164.00.
- A security-bypass issue affects JMS Bridges configured without username and password data for their destination. Messages sent via the bridge can be transferred to a queue without being validated by an access policy. Furthermore, the bridge may ignore username and password data when a connection URL is not defined. This issue is being tracked by security advisory BEA07-165.00.
- Multiple HTML-injection vulnerabilities affect the WebLogic GroupSpace application because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. This issue is being tracked by security advisory BEA07-166.00.
- A security-bypass vulnerability resides in the WebLogic Portal Administration Console and portal applications that use WebLogic Portal APIs. When Portal or Delegated administrators enter a user role description of more than 255 characters, the user's entitlements will become corrupted and allow the user to access otherwise protected resources. This issue is being tracked by security advisory BEA07-167.00.
- A denial-of-service vulnerability affects the WebLogic Server SSL port. Under certain unspecified configurations and circumstances, an attacker can access the port when the socket is half-closed. This will effectively deny service to the port, requiring a restart to rectify the service outage. This issue is being tracked by security advisory BEA07-168.00.
- A directory-traversal vulnerability affects applications deployed in exploded format to a development environment. An attacker can use directory-traversal strings (../) with the Test View Console to reveal directory information to the WebLogic Workshop Directory (wlwdir). This issue is being tracked by security advisory BEA07-170.00.
An attacker can exploit these issues to gain privileged access to affected applications, to access potentially sensitive information that could aid in further attacks, or to deny service to legitimate users. Successful attacks can result in the compromise of the applications. Other attacks are also possible.
Affected Products:
- BEA Systems Tuxedo 8.0.0
- BEA Systems Tuxedo 8.1.0
- BEA Systems WebLogic Enterprise 5.1.0
- BEA Systems WebLogic Express 10.0
- BEA Systems WebLogic Express 6.1.0
- BEA Systems WebLogic Express 6.1.0 SP 1
- BEA Systems WebLogic Express 6.1.0 SP 2
- BEA Systems WebLogic Express 6.1.0 SP 3
- BEA Systems WebLogic Express 6.1.0 SP 4
- BEA Systems WebLogic Express 6.1.0 SP 5
- BEA Systems WebLogic Express 6.1.0 SP 6
- BEA Systems WebLogic Express 6.1.0 SP 7
- BEA Systems WebLogic Express 7.0.0
- BEA Systems WebLogic Express 7.0.0 SP 1
- BEA Systems WebLogic Express 7.0.0 SP 2
- BEA Systems WebLogic Express 7.0.0 SP 3
- BEA Systems WebLogic Express 7.0.0 SP 4
- BEA Systems WebLogic Express 7.0.0 SP 5
- BEA Systems WebLogic Express 7.0.0 SP 6
- BEA Systems WebLogic Express 7.0.0 SP 7
- BEA Systems WebLogic Express 8.1.0
- BEA Systems WebLogic Express 8.1.0 SP 1
- BEA Systems WebLogic Express 8.1.0 SP 2
- BEA Systems WebLogic Express 8.1.0 SP 3
- BEA Systems WebLogic Express 8.1.0 SP 4
- BEA Systems WebLogic Express 8.1.0 SP 5
- BEA Systems WebLogic Express 9.0
- BEA Systems WebLogic Express 9.1
- BEA Systems WebLogic Express 9.2
- BEA Systems WebLogic Integration 8.1.0
- BEA Systems WebLogic Integration 8.1.0 SP2
- BEA Systems WebLogic Integration 8.1.0 SP3
- BEA Systems WebLogic Integration 8.1.0 SP4
- BEA Systems WebLogic Integration 8.1.0 SP5
- BEA Systems WebLogic Integration 8.1.0 SP6
- BEA Systems WebLogic Integration 9.2
- BEA Systems WebLogic Portal 9.2
- BEA Systems WebLogic Workshop 8.1.0 SP 2
- BEA Systems WebLogic Workshop 8.1.0 SP 3
- BEA Systems WebLogic Workshop 8.1.0 SP 4
- BEA Systems WebLogic Workshop 8.1.0 SP 5
- BEA Systems WebLogic Workshop 8.1.0 SP 6
- BEA Systems WebLogic Server 10.0
- BEA Systems WebLogic Server 7.0.0
- BEA Systems WebLogic Server 7.0.0 .0.1
- BEA Systems WebLogic Server 7.0.0 .0.1 SP 1
- BEA Systems WebLogic Server 7.0.0 .0.1 SP 2
- BEA Systems WebLogic Server 7.0.0 .0.1 SP 3
- BEA Systems WebLogic Server 7.0.0 .0.1 SP 4
- BEA Systems WebLogic Server 7.0.0 SP 1
- BEA Systems WebLogic Server 7.0.0 SP 2
- BEA Systems WebLogic Server 7.0.0 SP 3
- BEA Systems WebLogic Server 7.0.0 SP 4
- BEA Systems WebLogic Server 7.0.0 SP 5
- BEA Systems WebLogic Server 7.0.0 SP 6
- BEA Systems WebLogic Server 7.0.0 SP 7
- BEA Systems WebLogic Server 8.1.0
- BEA Systems WebLogic Server 8.1.0 SP 1
- BEA Systems WebLogic Server 8.1.0 SP 2
- BEA Systems WebLogic Server 8.1.0 SP 3
- BEA Systems WebLogic Server 8.1.0 SP 4
- BEA Systems WebLogic Server 8.1.0 SP 5
- BEA Systems WebLogic Server 8.1.0 SP 6
- BEA Systems WebLogic Server 9.0
- BEA Systems WebLogic Server 9.1
- BEA Systems WebLogic Server 9.2
References:
- BEA: BEA08-159.01 Security Advisories and Notifications
- BEA: BEA08-80.04 Security Advisories and Notifications
- BEA Systems: BEA Systems Security Advisory (BEA07-164.01)
- BEA Systems: BEA07-158.00
- BEA Systems: BEA07-159.00
- BEA Systems: BEA07-160.00
- BEA Systems: BEA07-161.00
- BEA Systems: BEA07-162.00
- BEA Systems: BEA07-163.00
- BEA Systems: BEA07-164.00
- BEA Systems: BEA07-165.00
- BEA Systems: BEA07-166.00
- BEA Systems: BEA07-167.00
- BEA Systems: BEA07-168.00
- BEA Systems: BEA07-170.00
- BEA Systems: BEA07-80.03
- BEA Systems: Vendor Homepage