-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2008.0174
        [Win][UNIX/Linux] BEA Systems release 21 security advisories
                            for multiple products
                              26 February 2008

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              BEA AquaLogic Collaboration 4.2
                      BEA AquaLogic Interaction
                      BEA JRockit R24
                      BEA JRockit R25
                      BEA Plumtree Collaboration 4.1
                      BEA Plumtree Foundation
                      BEA Workshop for WebLogic
                      WebLogic Express
                      WebLogic Portal
                      WebLogic Server
                      WebLogic Workshop
Publisher:            BEA Systems
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
                      Cross-site Scripting
                      Access Confidential Data
                      Inappropriate Access
                      Reduced Security
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2008-0863 CVE-2008-0864 CVE-2008-0865 CVE-2008-0866
                      CVE-2008-0867 CVE-2008-0868 CVE-2008-0869 CVE-2008-0870
                      CVE-2008-0895 CVE-2008-0896 CVE-2008-0897 CVE-2008-0898
                      CVE-2008-0899 CVE-2008-0900 CVE-2008-0901 CVE-2008-0902
                      CVE-2008-0903 CVE-2008-0904

Revision History:     February 26 2008: Added CVE Numbers.
                      February 22 2008: Added CVE Numbers.
                      February 20 2008: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

BEA Systems have released 21 security advisories for multiple products.
Patches have now been released to fix these vulnerabilities. Details are
as follows:

BEA08-183.00
Security policies on a WebLogic Portal page can inadvertently be lost by an
administrator performing certain editing operations on that page.
Affects:  WLP 8.1 (SP3-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/256

BEA08-184.00
An entitlement on an instance of a floatable portlet can be bypassed.
Affects:  WLP 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/257

BEA08-185.00
Cross-site scripting (XSS) vulnerabilities in Web applications using
WebLogic Workshop NetUI page flows.
Affects:  WLW 8.1 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/258

BEA08-186.00
BEA Plumtree Portal cross-site scripting (XSS) vulnerability.
Affects:  BEA AquaLogic Interaction 6.1 (-MP1)
          BEA Plumtree Foundation 6.0 (-SP1)
Advisory: http://dev2dev.bea.com/pub/advisory/259

BEA08-187.00
Web Service WSDL and policy are exposed to unauthenticated HTTP clients.
Affects:  WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/260

BEA08-188.00
JavaScript can be injected into the WLP GroupSpace application, allowing an
XSS exploit.
Affects:  WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/261

BEA08-110.01
Cleartext database password in the config.xml file.
Affects:  WLP 8.1 (-SP3), WLP 7.0 (SP4-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/262

BEA08-189.00
Cross-site scripting (XSS) vulnerabilities in Web applications using either
WebLogic Workshop NetUI or Apache Beehive NetUI page flows.
Affects:  WLW 10.0, WLW 9.2 (-MP1), WLW 9.1, WLW 9.0, WLW 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/263

BEA08-190.00
A WebLogic Portal Administration Console session can inadvertently redirect
from an HTTPS port to an HTTP port.
Affects:  WLP 10.0, WLP 9.2 (-MP2)
Advisory: http://dev2dev.bea.com/pub/advisory/264

BEA08-191.00
Tampering with HTTP request headers could lead to an elevation of
privileges.
Affects:  WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0, WLS 8.1 (-SP6),
          WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/265

BEA08-192.00
When content portlets are deleted from one of the portal's pages, all
entitlements are removed for the application.
Affects:  WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/266

BEA08-193.00
An unauthorized user may be able to receive messages from a secured JMS
Topic destination.
Affects:  WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/267

BEA08-194.00
An unauthorized user may be able to send messages to a protected
distributed queue.
Affects:  WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/268

BEA08-195.00
Cross-site scripting vulnerability in the Console's Unexpected Exception
page.
Affects:  WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/269

BEA08-196.00
A session fixation exploit could result in elevated privileges.
Affects:  WLS 10.0, WLS 9.2 (-MP1), WLS 8.1 (SP4-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/270

BEA08-197.00
Account lockout can be bypassed, exposing the account to a brute-force
password attack.
Affects:  WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0, WLS 8.1 (-SP6),
          WLS 7.0 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/271

BEA08-198.00
Multiple security vulnerabilities in Java Web Start and the Java Plug-in
for browsers.
Affects:  BEA JRockit R24: JRockit R24.3-1.4.2_04 to R24.5-1.4.2_08
          BEA JRockit R25: JRockit R25.0-1.5.0 to R25.2-1.5.0_03
Advisory: http://dev2dev.bea.com/pub/advisory/272

BEA08-80.04
Patches available to prevent multiple cross-site scripting (XSS)
vulnerabilities.
Affects:  WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0, WLS 8.1 (-SP6),
          WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/273

BEA08-159.01
Requests served through WebLogic proxy servlets may acquire elevated
privileges.
Affects:  WLS 9.1, WLS 9.0, WLS 8.1 (-SP5), WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/274

BEA08-199.00
A carefully constructed URL may cause the Sun, IIS or Apache web server to
crash.
Affects:  Plug-ins dated prior to November 2007
Advisory: http://dev2dev.bea.com/pub/advisory/275
BEA08-200.00
Server files can be accessed by a remote user.
Affects:  BEA AquaLogic Collaboration 4.2, BEA Plumtree Collaboration 4.1
Advisory: http://dev2dev.bea.com/pub/advisory/276

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
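The advisory list above is only useful once it has been matched against what you actually run, and the "Affects" shorthand (a product code, a release, and an optional patch-level range such as "(-MP1)" or "(SP3-SP6)") is easy to misread by hand. The following triage helper is an added example written for this page; it is not part of the AusCERT bulletin or of any BEA tooling. It parses entries in the flattened form the list takes on this page and reports which advisories apply to an inventory of deployed product/patch levels. Three points are assumptions, not statements from the bulletin: the product-name allowlist (WLS, WLP, WLW, AquaLogic/Plumtree), the reading of the range shorthand ("WLS 9.1" means every patch level of 9.1, "(-MP1)" means base release through MP1, "(SP3-SP6)" means SP3 through SP6 inclusive), and the treatment of "10" and "10.0" as the same release. The sample text is constructed from four of the entries above.

```python
"""Match a flattened BEA advisory list against deployed product/patch levels.

Added example for this page; not part of the AusCERT bulletin or of any BEA
tooling.  The reading of the "Affects" shorthand is an ASSUMPTION:
  "WLS 9.1"            -> every patch level of 9.1
  "WLS 9.2 (-MP1)"     -> base release through MP1
  "WLP 8.1 (SP3-SP6)"  -> SP3 through SP6 inclusive
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: four entries copied from the bulletin's advisory list,
# flattened onto one line the way the page extraction left them.
SAMPLE = (
    "BEA08-191.00 Tampering with HTTP request headers could lead to an elevation "
    "of privileges Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0, WLS 8.1 "
    "(-SP6), WLS 7.0 (-SP7), WLS 6.1 (-SP7) "
    "Advisory: http://dev2dev.bea.com/pub/advisory/265 "
    "BEA08-196.00 A session fixation exploit could result in elevated privileges "
    "Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 8.1 (SP4 - SP6) "
    "Advisory: http://dev2dev.bea.com/pub/advisory/270 "
    "BEA08-183.00 Security policies on a WebLogic Portal page can inadvertently "
    "be lost by an administrator performing certain editing operations on that "
    "page. Affects: WLP 8.1 (SP3-SP6) Advisory: http://dev2dev.bea.com/pub/advisory/256 "
    "BEA08-186.00 BEA Plumtree Portal cross-site scripting (XSS) vulnerability "
    "Affects: BEA AquaLogic Interaction 6.1 (-MP1) BEA Plumtree Foundation 6.0 (-SP1) "
    "Advisory: http://dev2dev.bea.com/pub/advisory/259"
)

# One entry: "<id> <title> Affects: <list> Advisory: <url>".
ENTRY_RE = re.compile(
    r"(?P<id>BEA\d{2}-\d+\.\d{2})\s+(?P<title>.*?)\s+Affects:\s+(?P<affects>.*?)"
    r"\s+Advisory:\s+(?P<url>\S+)"
)
# Product names are an allowlist of those used in this bulletin (assumption),
# so free text such as "Plug-ins dated prior to November 2007" is not parsed
# as a product/version pair.  The optional "(lo-hi)" or "(-hi)" is the range.
PRODUCT_RE = re.compile(
    r"(?P<prod>WLS|WLP|WLW|BEA (?:AquaLogic|Plumtree) [A-Za-z]+)\s*"
    r"(?P<ver>\d+(?:\.\d+)?)"
    r"(?:\s*\(\s*(?P<lo>[A-Z]+\d+)?\s*-\s*(?P<hi>[A-Z]+\d+)\s*\))?"
)


@dataclass
class Affected:
    product: str
    version: str
    lo: int            # lowest affected patch level, 0 = base release
    hi: Optional[int]  # highest affected patch level, None = every level


@dataclass
class Entry:
    id: str
    title: str
    url: str
    affected: List[Affected] = field(default_factory=list)


def patch_level(tok: Optional[str]) -> int:
    """'SP6' -> 6, 'MP1' -> 1, None -> 0 (base release)."""
    return int(re.sub(r"\D", "", tok)) if tok else 0


def norm_version(v: str) -> str:
    """Treat '10' and '10.0' as the same release (assumption)."""
    return v if "." in v else v + ".0"


def parse(text: str) -> List[Entry]:
    """Extract every advisory entry and its affected product ranges."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = Entry(m["id"], m["title"], m["url"])
        for p in PRODUCT_RE.finditer(m["affects"]):
            hi = None if p["hi"] is None else patch_level(p["hi"])
            e.affected.append(Affected(p["prod"], norm_version(p["ver"]),
                                       patch_level(p["lo"]), hi))
        entries.append(e)
    return entries


def affects(entry: Entry, product: str, version: str,
            patch: Optional[str] = None) -> bool:
    """True if the deployed product/version/patch falls in an affected range."""
    want, lvl = " ".join(product.split()), patch_level(patch)
    for a in entry.affected:
        if a.product == want and a.version == norm_version(version):
            if a.hi is None or a.lo <= lvl <= a.hi:
                return True
    return False


Inventory = List[Tuple[str, str, Optional[str]]]


def triage(text: str, inventory: Inventory) -> Dict[str, Inventory]:
    """Map advisory id -> inventory items it applies to (ids with no hits omitted)."""
    hits: Dict[str, Inventory] = {}
    for e in parse(text):
        for item in inventory:
            if affects(e, *item):
                hits.setdefault(e.id, []).append(item)
    return hits


if __name__ == "__main__":
    deployed = [("WLS", "9.2", "MP2"), ("WLS", "8.1", "SP5"), ("WLP", "8.1", "SP2")]
    for adv_id, items in triage(SAMPLE, deployed).items():
        print(adv_id, "->", items)
```

Entries whose "Affects" field does not fit the shorthand (the JRockit build ranges and the web server plug-ins "dated prior to November 2007") parse with an empty affected list and never match, so they must be checked by hand rather than silently treated as not applicable.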
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR8NT0Ch9+71yA2DNAQIgLgP8DJkoiD2DKdBHi/5T48ReTmzRzMjtWlxS
DFsrgUjsH/oQxyCYx9Wk5gO5tE6qdPqD3ZDSxQSzXh2a10PlScxDuq5rcJNCXdUu
lBrWd3+K47t5Zg9uUDgxi5xZ/5+KJjBYlrRHuKUMkgapYWTMip5bkLjpPyA1gfTN
et6uydgQnOc=
=Ne5m
-----END PGP SIGNATURE-----