             AUSCERT External Security Bulletin Redistribution

                    ESB-2008.0174 -- [Win][UNIX/Linux]
     BEA Systems release 21 security advisories for multiple products
                             26 February 2008


        AusCERT Security Bulletin Summary

Product:              BEA AquaLogic Collaboration 4.2
                      BEA AquaLogic Interaction
                      BEA JRockit R24
                      BEA JRockit R25
                      BEA Plumtree Collaboration 4.1
                      BEA Plumtree Foundation
                      BEA Workshop for WebLogic
                      WebLogic Express
                      WebLogic Portal
                      WebLogic Server
                      WebLogic Workshop
Publisher:            BEA Systems
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
                      Cross-site Scripting
                      Access Confidential Data
                      Inappropriate Access
                      Reduced Security
Access:               Remote/Unauthenticated
                      Existing Account
CVE Names:            CVE-2008-0863 CVE-2008-0864 CVE-2008-0865
                      CVE-2008-0866 CVE-2008-0867 CVE-2008-0868
                      CVE-2008-0869 CVE-2008-0870 CVE-2008-0895
                      CVE-2008-0896 CVE-2008-0897 CVE-2008-0898
                      CVE-2008-0899 CVE-2008-0900 CVE-2008-0901
                      CVE-2008-0902 CVE-2008-0903 CVE-2008-0904

Revision History:     February 26 2008: Added CVE Numbers.
                      February 22 2008: Added CVE Numbers.
                      February 20 2008: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

BEA Systems have released 21 security advisories for multiple products.

Patches have now been released to fix these vulnerabilities. Details are 
as follows:

Security policies on a WebLogic Portal Page can inadvertently be lost 
by an administrator performing certain editing operations on that page.
Affects: WLP 8.1 (SP3-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/256

An entitlement on an instance of a floatable portlet can be bypassed
Affects: WLP 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/257

Cross-site scripting (XSS) vulnerabilities in Web applications using 
WebLogic Workshop NetUI page flows
Affects: WLW 8.1 (-SP5)
Advisory: http://dev2dev.bea.com/pub/advisory/258

BEA Plumtree Portal cross site scripting (XSS) vulnerability
Affects: BEA AquaLogic Interaction 6.1 (-MP1)
         BEA Plumtree Foundation 6.0 (-SP1)
Advisory: http://dev2dev.bea.com/pub/advisory/259

Web Service WSDL and policy is exposed to unauthenticated HTTP clients
Affects: WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/260

JavaScript can be injected into the WLP Groupspace application and can 
allow for an XSS exploit
Affects: WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/261

Cleartext database password in the config.xml file
Affects: WLP 8.1 (-SP3), WLP 7.0 (SP4 - SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/262

Cross-site scripting (XSS) vulnerabilities in Web applications using 
either WebLogic Workshop NetUI or Apache Beehive NetUI page flows
Affects: WLW 10.0, WLW 9.2 (-MP1), WLW 9.1, WLW 9.0, WLW 8.1 (-SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/263

A WebLogic Portal Administration Console session can inadvertently 
redirect from https port to an http port
Affects: WLP 10.0, WLP 9.2 (-MP2)
Advisory: http://dev2dev.bea.com/pub/advisory/264

Tampering with HTTP request headers could lead to an elevation of privileges
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/265

When content portlets are deleted from one of the portals pages, 
all entitlements are removed for the application
Affects: WLP 10.0, WLP 9.2 (-MP1)
Advisory: http://dev2dev.bea.com/pub/advisory/266

A non-authorized user may be able to receive messages from a secured 
JMS Topic destination
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/267

A non-authorized user may be able to send messages to a protected 
distributed queue
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/268

Cross-site scripting vulnerability in the Console's Unexpected Exception Page
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 9.1, WLS 9.0
Advisory: http://dev2dev.bea.com/pub/advisory/269

A session fixation exploit could result in elevated privileges
Affects: WLS 10.0, WLS 9.2 (-MP1), WLS 8.1 (SP4 - SP6)
Advisory: http://dev2dev.bea.com/pub/advisory/270

Account lockout can be bypassed, exposing the account to a brute-force 
password attack
Affects: WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/271

Multiple Security Vulnerabilities in Java Web Start and the Java Plug-in 
for browsers
Affects: BEA JRockit R24: JRockit R24.3-1.4.2_04 to R24.5-1.4.2_08
         BEA JRockit R25: JRockit R25.0-1.5.0 to R25.2-1.5.0_03
Advisory: http://dev2dev.bea.com/pub/advisory/272

Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities
Affects: WLS 10.0 (-MP1), WLS 9.2 (-MP2), WLS 9.1, WLS 9.0
         WLS 8.1 (-SP6), WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/273

Requests served through WebLogic proxy servlets may acquire 
elevated privileges
Affects: WLS 9.1, WLS 9.0, WLS 8.1 (-SP5)
         WLS 7.0 (-SP7), WLS 6.1 (-SP7)
Advisory: http://dev2dev.bea.com/pub/advisory/274

A carefully constructed URL may cause the Sun, IIS or Apache 
web server to crash
Affects: Plug-ins dated prior to November 2007
Advisory: http://dev2dev.bea.com/pub/advisory/275

Server files can be accessed by a remote user
Affects: BEA AquaLogic Collaboration 4.2, BEA Plumtree Collaboration 4.1
Advisory: http://dev2dev.bea.com/pub/advisory/276

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

Comment: http://www.auscert.org.au/render.html?it=1967