Published: 13 October 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                       ESB-2005.0815 -- BEA WebLogic
 24 security advisories released for WebLogic Server and WebLogic Express
                              13 October 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BEA WebLogic Server 9.0 and prior
                   BEA WebLogic Express
Publisher:         BEA Systems
Operating System:  Windows
                   UNIX variants
Impact:            Access Privileged Data
                   Cross-site Scripting
                   Increased Privileges
                   Inappropriate Access
                   Denial of Service
                   Access Confidential Data
                   Provide Misleading Information
Access:            Remote/Unauthenticated

Original Bulletin: http://dev2dev.bea.com/advisoriesnotifications/


BEA Systems has released 24 security advisories for BEA WebLogic Server and 
WebLogic Express, and patches are available for each. Each entry below gives 
the advisory identifier, a one-line summary, the affected releases as listed 
by BEA, and a link to BEA's full advisory:


BEA05-107.00
Too many invalid login attempts allowed.
Affects: WLS 8.1 (-SP5), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/161


BEA05-106.00
Requests for a servlet doing relative forwarding may result in a 
denial-of-service (DoS) attack.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/160


BEA05-105.00
Certain HTTP requests may be used to launch HTTP Request Smuggling attacks 
on the server.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/159


BEA05-104.00
Auditing of MBean configuration changes may stop.  
Affects: WLS 8.1 (-SP4)
Advisory: http://dev2dev.bea.com/pub/advisory/158


BEA05-103.00
Multicast data is not encrypted.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/157


BEA05-102.00
In specific circumstances, weblogic.Deployer communication with the 
Administration server could be compromised.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/156


BEA05-101.00
The documentation has been updated to recommend multiple administrator 
accounts.
Affects: WLS 9.0, WLS 8.1, WLS 7.0
Advisory: http://dev2dev.bea.com/pub/advisory/155


BEA05-100.00
A password might be exposed in some Subjects constructed by the 
IIOP protocol.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/154


BEA05-99.00
The password used to boot the server may appear in clear text in the 
Windows registry.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/153


BEA05-98.00
Sensitive system properties values are displayed in the server log.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/152


BEA05-97.00
Servlet resources may not be fully protected when using 
fullyDelegateAuthorization mode in the Administration Console.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/151


BEA05-96.00
The passphrase for the private key used in the configuration of SSL 
appears in cleartext when creating a WebLogic Server domain using 
the Configuration Wizard.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/150


BEA05-95.00
Exporting security policies from one operating system and importing to 
another operating system can lead to servlets being unprotected.
Affects: WLS 8.1, WLS 7.0
Advisory: http://dev2dev.bea.com/pub/advisory/149


BEA05-94.00
The local file system may be accessed remotely by a user granted the 
Admin security role.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/148


BEA05-93.00
Servlet security constraint fails to properly protect root.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/147


BEA05-92.00
Principals from a derived Principal class may not be fully validated.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/146


BEA05-91.00
The passphrase for the Trust keystore appears in clear text in the 
nodemanager.config file.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/145


BEA05-90.00
A patch is available to prevent users from accessing machine 
information behind a firewall.
Affects: WLS 8.1 (-SP3)
Advisory: http://dev2dev.bea.com/pub/advisory/144


BEA05-89.00
Audit events may be posted with incorrect severity.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/143


BEA05-88.00
A Deployed application can change privileges from Deployer to Admin.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/142


BEA05-87.00
A malicious client can cause threads to hang on the server.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/138


BEA05-86.00
In specific circumstances, client/server communications are not using 
the SSL connection as expected.
Affects: WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/141


BEA05-85.00
Client/server communications that do not specify a user are not protected 
by the SSL protocol correctly.
Affects: WLS 8.1 (-SP3), WLS 7.0 (-SP6), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/140


BEA05-80.02
Patches available to prevent multiple cross-site scripting (XSS) 
vulnerabilities.
Affects: WLS 9.0, WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7) 
Advisory: http://dev2dev.bea.com/pub/advisory/139
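
The first question an operator has when reading a list this long is "which of 
these name the release I am running?" The script below answers it from the 
Affects lines above. It is an added example, not part of the AusCERT bulletin 
or of BEA's advisories. The AFFECTS table transcribes the bulletin's Affects 
lines verbatim; two points are assumptions, since the bulletin does not define 
its notation: "WLS 8.1 (-SP4)" is read as "8.1 GA through Service Pack 4 
inclusive", and a bare "WLS 8.1" as "every 8.1 service pack".

```python
"""Which advisories in this bulletin name a given WebLogic Server release?

Added example, not part of the AusCERT bulletin or of BEA's advisories.
AFFECTS transcribes the bulletin's "Affects:" lines.  Two assumptions, since
the bulletin does not define its notation: "WLS 8.1 (-SP4)" is read as
"8.1 GA through Service Pack 4 inclusive", and a bare "WLS 8.1" as "every
8.1 service pack".
"""
import re

AFFECTS = {
    "BEA05-107.00": "WLS 8.1 (-SP5), WLS 7.0 (-SP6)",
    "BEA05-106.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6)",
    "BEA05-105.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
    "BEA05-104.00": "WLS 8.1 (-SP4)",
    "BEA05-103.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP5)",
    "BEA05-102.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6)",
    "BEA05-101.00": "WLS 9.0, WLS 8.1, WLS 7.0",
    "BEA05-100.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
    "BEA05-99.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
    "BEA05-98.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)",
    "BEA05-97.00": "WLS 8.1 (-SP3), WLS 7.0 (-SP5)",
    "BEA05-96.00": "WLS 8.1 (-SP3)",
    "BEA05-95.00": "WLS 8.1, WLS 7.0",
    "BEA05-94.00": "WLS 8.1 (-SP3)",
    "BEA05-93.00": "WLS 8.1 (-SP3), WLS 7.0 (-SP5)",
    "BEA05-92.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP5)",
    "BEA05-91.00": "WLS 8.1 (-SP3)",
    "BEA05-90.00": "WLS 8.1 (-SP3)",
    "BEA05-89.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6)",
    "BEA05-88.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6)",
    "BEA05-87.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP5), WLS 6.1 (-SP7)",
    "BEA05-86.00": "WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
    "BEA05-85.00": "WLS 8.1 (-SP3), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
    "BEA05-80.02": "WLS 9.0, WLS 8.1 (-SP4), WLS 7.0 (-SP6), WLS 6.1 (-SP7)",
}

# "WLS 8.1 (-SP4)" -> ("8.1", "4");  "WLS 9.0" -> ("9.0", None)
_ENTRY = re.compile(r"WLS\s+(\d+\.\d+)(?:\s*\(-SP(\d+)\))?")
# Installed version as an operator would type it: "8.1", "8.1 SP4", "7.0sp6"
_VERSION = re.compile(r"^\s*(\d+\.\d+)\s*(?:SP\s*(\d+))?\s*$", re.IGNORECASE)


def parse_affects(text):
    """Map each release in an Affects line to its highest affected SP
    (None = every service pack, per the assumption above)."""
    affected = {}
    for m in _ENTRY.finditer(text):
        release, sp = m.group(1), m.group(2)
        affected[release] = int(sp) if sp is not None else None
    return affected


def parse_version(installed):
    """Split "8.1 SP4" into ("8.1", 4); a GA release with no SP is SP 0."""
    m = _VERSION.match(installed)
    if not m:
        raise ValueError("unrecognised WebLogic version: %r" % installed)
    return m.group(1), int(m.group(2) or 0)


def is_affected(affected, release, sp):
    """True if (release, sp) falls inside a parsed Affects line."""
    if release not in affected:
        return False
    max_sp = affected[release]
    return max_sp is None or sp <= max_sp


def applicable_advisories(installed, table=AFFECTS):
    """Advisory ids whose Affects line covers the installed version."""
    release, sp = parse_version(installed)
    return [aid for aid, text in table.items()
            if is_affected(parse_affects(text), release, sp)]


if __name__ == "__main__":
    import sys
    for v in sys.argv[1:] or ["8.1 SP4"]:
        ids = applicable_advisories(v)
        print("%s: %d advisories -> %s" % (v, len(ids), ", ".join(ids)))
```

Run it as `python check.py "8.1 SP4"` (or any other release string). Note 
what it does not tell you: an advisory naming your release means the 
vulnerability is present unless BEA's patch has been applied, and the 
bulletin lists patches separately from service packs, so a release that is 
not named (for example 8.1 SP5 against a "(-SP4)" line) is only clear under 
the assumed reading of the notation. Confirm against the linked BEA advisory 
before treating a server as unaffected.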


AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQ03dWCh9+71yA2DNAQI1lgP/ZF6MB/SZakhqqYMcuJE8qMPJ5HzRBtAP
OQeXRTKhfCTCFOwIErHetP5o/+50s1/DP7f9TKbMna0jbaCPfjT6WheyXiE/MVIE
Ig5KQR6tiXpY99wMVNtud7GMpy127ezfSdN6Q9HXYQ+NrlnoyhSd2iLX8S9efiaS
K076SGVUqJU=
=ugbF
-----END PGP SIGNATURE-----