-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                    ESB-2008.0174 -- [Win][UNIX/Linux]
     BEA Systems release 21 security advisories for multiple products
                             26 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              BEA AquaLogic Collaboration 4.2
                      BEA AquaLogic Interaction
                      BEA JRockit R24
                      BEA JRockit R25
                      BEA Plumtree Collaboration 4.1
                      BEA Plumtree Foundation
                      BEA Workshop for WebLogic
                      WebLogic Express
                      WebLogic Portal
                      WebLogic Server
                      WebLogic Workshop
Publisher:            BEA Systems
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
                      Cross-site Scripting
                      Access Confidential Data
                      Inappropriate Access
                      Reduced Security
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2008-0863 CVE-2008-0864 CVE-2008-0865
                      CVE-2008-0866 CVE-2008-0867 CVE-2008-0868
                      CVE-2008-0869 CVE-2008-0870 CVE-2008-0895
                      CVE-2008-0896 CVE-2008-0897 CVE-2008-0898
                      CVE-2008-0899 CVE-2008-0900 CVE-2008-0901
                      CVE-2008-0902 CVE-2008-0903 CVE-2008-0904

Revision History:     February 26 2008: Added CVE Numbers.
                      February 22 2008: Added CVE Numbers.
                      February 20 2008: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

BEA Systems have released 21 security advisories for multiple products.

Patches have now been released to fix these vulnerabilities. Details are 
as follows:


BEA08-183.00
Security policies on a WebLogic Portal Page can inadvertently be lost 
by an administrator performing certain editing operations on that page.
Affects: WLP 8.1 (SP3-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/256


BEA08-184.00
An entitlement on an instance of a floatable portlet can be bypassed
Affects: WLP 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/257


BEA08-185.00
Cross-site scripting (XSS) vulnerabilities in Web applications using 
WebLogic Workshop NetUI page flows
Affects: WLW 8.1 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/258


BEA08-186.00
BEA Plumtree Portal cross site scripting (XSS) vulnerability
Affects: BEA AquaLogic Interaction 6.1 (-MP1)
         BEA Plumtree Foundation 6.0 (-SP1)
Advisory: http://dev2dev.bea.com/pub/advisory/259


BEA08-187.00
Web Service WSDL and policy is exposed to unauthenticated HTTP clients
Affects: WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/260


BEA08-188.00
JavaScript can be injected into the WLP Groupspace application and can 
allow for an XSS exploit
Affects: WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/261


BEA08-110.01
Cleartext database password in the config.xml file
Affects: WLP 8.1 (-SP3), WLP 7.0 (SP4 - SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/262
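
A quick way to check a domain for the condition BEA08-110.01 describes is to
scan config.xml for credential fields that are not encrypted. The script below
is an added illustration, not BEA's code or part of any advisory. It assumes
that WebLogic marks encrypted values with an algorithm tag such as {3DES} or
{AES} and that anything password-like without such a tag is cleartext; the
config.xml fragment inside it is constructed for the example, and the
element and attribute names are typical of 7.x/8.x and 9.x domains rather
than an exhaustive list.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: credentials WebLogic has encrypted carry an algorithm tag in
# braces; a password-like value without one is stored in cleartext.
ENCRYPTED_TAG = re.compile(r"^\{(3DES|AES|AES256)\}")
PASSWORD_NAME = re.compile(r"password", re.IGNORECASE)

# Constructed sample: two cleartext pool credentials (one in a Password
# attribute, one buried in a Properties string), one cleartext 9.x-style
# <password> element, and two correctly encrypted values that must not fire.
SAMPLE_CONFIG = """<Domain Name="portalDomain">
  <JDBCConnectionPool Name="cgPool" Password="tiger"
      URL="jdbc:oracle:thin:@db:1521:orcl" Properties="user=scott"/>
  <JDBCConnectionPool Name="legacyPool"
      URL="jdbc:oracle:thin:@db:1521:orcl"
      Properties="user=scott;password=tiger"/>
  <JDBCConnectionPool Name="securePool" PasswordEncrypted="{3DES}Yn6n0ZNbjNE="
      URL="jdbc:oracle:thin:@db:1521:orcl" Properties="user=portal"/>
  <jdbc-system-resource>
    <jdbc-data-source>
      <name>reportDS</name>
      <jdbc-driver-params>
        <password-encrypted>{AES}QWxsIHlvdXIgYmFzZQ==</password-encrypted>
      </jdbc-driver-params>
    </jdbc-data-source>
    <jdbc-data-source>
      <name>auditDS</name>
      <jdbc-driver-params>
        <password>changeme</password>
      </jdbc-driver-params>
    </jdbc-data-source>
  </jdbc-system-resource>
</Domain>
"""


def _local_name(tag):
    # Strip any XML namespace so "{urn:...}password" compares as "password".
    return tag.rsplit("}", 1)[-1]


def find_cleartext_credentials(xml_text):
    """Return (element, field) pairs for every credential that lacks an
    encryption tag. The secret values themselves are deliberately not
    returned, so the report does not become another copy of them."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = _local_name(elem.tag)
        for attr, value in elem.attrib.items():
            if PASSWORD_NAME.search(attr) and value and not ENCRYPTED_TAG.match(value):
                findings.append((name, attr))
            if attr == "Properties":
                # Older pools may carry "user=...;password=..." in Properties.
                for pair in value.split(";"):
                    key, _, val = pair.partition("=")
                    if key.strip().lower() == "password" and val.strip():
                        findings.append((name, "Properties[password]"))
        text = (elem.text or "").strip()
        if PASSWORD_NAME.search(name) and text and not ENCRYPTED_TAG.match(text):
            findings.append((name, "#text"))
    return findings


if __name__ == "__main__":
    for element, field in find_cleartext_credentials(SAMPLE_CONFIG):
        print(f"cleartext credential: <{element}> {field}")
```

Run it against a real domain's config.xml (and the per-application descriptors
a portal domain keeps alongside it) after patching; a clean result on the
shipped configuration does not prove the patched server no longer writes the
value back in cleartext, so re-check after the next configuration change.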


BEA08-189.00
Cross-site scripting (XSS) vulnerabilities in Web applications using 
either WebLogic Workshop NetUI or Apache Beehive NetUI page flows
Affects: WLW 10.0, WLW 9.2 (-MP1), WLW 9.1, WLW 9.0, WLW 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/263


BEA08-190.00
A WebLogic Portal Administration Console session can inadvertently 
redirect from https port to an http port
Affects: WLP 10.0, WLP 9.2 (-MP2)
Advisory: http://dev2dev.bea.com/pub/advisory/264


BEA08-191.00
Tampering with HTTP request headers could lead to an elevation of privileges
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/265


BEA08-192.00
When content portlets are deleted from one of the portal's pages, 
all entitlements are removed for the application
Affects: WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/266


BEA08-193.00
A non-authorized user may be able to receive messages from a secured 
JMS Topic destination
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/267


BEA08-194.00
A non-authorized user may be able to send messages to a protected 
distributed queue
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/268


BEA08-195.00
Cross-site scripting vulnerability in the Console's Unexpected Exception page
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/269


BEA08-196.00
A session fixation exploit could result in elevated privileges
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 8.1 (SP4 - SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/270
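
BEA08-196.00 names the vulnerability class but not the mechanism, so the
following is a generic illustration of session fixation and of the two
controls that defeat it (never adopting a client-supplied session id, and
issuing a fresh id at login). It is an added example, not BEA's code and not
a description of the WebLogic defect itself; the SessionStore, its method
names and the login flow are assumptions made for the demonstration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table keyed by an opaque random id
    (a stand-in for a cookie-based session tracker; assumed for the demo)."""

    def __init__(self):
        self._sessions = {}

    def new(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def resolve(self, presented_sid):
        """Map the id a client presents to a session. An id the server never
        issued is not adopted; the client is given a fresh one instead, which
        blocks fixation with attacker-invented ids."""
        if presented_sid in self._sessions:
            return presented_sid
        return self.new()

    def user_of(self, sid):
        session = self._sessions.get(sid)
        return None if session is None else session["user"]

    def login(self, sid, user, rotate):
        """Authenticate the session. rotate=False keeps the pre-login id
        (the fixation-prone behaviour); rotate=True retires that id and binds
        the authenticated state to a brand-new one."""
        if sid not in self._sessions:
            raise KeyError("unknown session")
        if not rotate:
            self._sessions[sid]["user"] = user
            return sid
        del self._sessions[sid]
        fresh = self.new()
        self._sessions[fresh]["user"] = user
        return fresh


def fixation_scenario(rotate_on_login):
    """Play out a fixation attempt; return (attacker_wins, victim_still_ok)."""
    store = SessionStore()
    # 1. Attacker visits the site and is issued a legitimate anonymous id,
    #    so resolve() will accept it later.
    planted = store.resolve(None)
    # 2. Attacker gets that id into the victim's browser (delivery mechanism
    #    out of scope here); the victim's next request presents it.
    victim_sid = store.resolve(planted)
    # 3. Victim authenticates on top of the planted id.
    victim_sid = store.login(victim_sid, "victim", rotate=rotate_on_login)
    # 4. Attacker replays the id they planted.
    attacker_wins = store.user_of(planted) == "victim"
    victim_still_ok = store.user_of(victim_sid) == "victim"
    return attacker_wins, victim_still_ok


if __name__ == "__main__":
    print("no rotation :", fixation_scenario(rotate_on_login=False))
    print("rotate      :", fixation_scenario(rotate_on_login=True))
```

The rotation step is the one to verify on a patched server: log in, compare
the session cookie issued before and after authentication, and treat an
unchanged value as a finding.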


BEA08-197.00
Account lockout can be bypassed, exposing the account to a brute-force 
password attack
Affects: WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/271


BEA08-198.00
Multiple Security Vulnerabilities in Java Web Start and the Java Plug-in 
for browsers
Affects: BEA JRockit R24: JRockit R24.3-1.4.2_04 to R24.5-1.4.2_08
         BEA JRockit R25: JRockit R25.0-1.5.0 to R25.2-1.5.0_03
Advisory: http://dev2dev.bea.com/pub/advisory/272


BEA08-80.04
Patches available to prevent multiple cross-site scripting (XSS) 
vulnerabilities
Affects: WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/273


BEA08-159.01
Requests served through WebLogic proxy servlets may acquire 
elevated privileges
Affects: WLS 9.1, WLS 9.0, WLS 8.1 (-SP5)
         WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/274


BEA08-199.00
A carefully constructed URL may cause the Sun, IIS or Apache web server 
running a WebLogic proxy plug-in to crash
Affects: Plug-ins dated prior to November 2007
Advisory: http://dev2dev.bea.com/pub/advisory/275


BEA08-200.00
Server files can be accessed by a remote user
Affects: BEA AquaLogic Collaboration 4.2, BEA Plumtree Collaboration 4.1
Advisory: http://dev2dev.bea.com/pub/advisory/276

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR8NT0Ch9+71yA2DNAQIgLgP8DJkoiD2DKdBHi/5T48ReTmzRzMjtWlxS
DFsrgUjsH/oQxyCYx9Wk5gO5tE6qdPqD3ZDSxQSzXh2a10PlScxDuq5rcJNCXdUu
lBrWd3+K47t5Zg9uUDgxi5xZ/5+KJjBYlrRHuKUMkgapYWTMip5bkLjpPyA1gfTN
et6uydgQnOc=
=Ne5m
-----END PGP SIGNATURE-----