BEA WebLogic Local Password Disclosure Vulnerability

BEA WebLogic Local Password Disclosure Vulnerability

Solution:
BEA Systems have released advisory BEA04-55.00 dealing with this issue. Users of WebLogic 7.0 are advised to upgrade to WebLogic 7.0 SP 5. Patch information has also been provided for WebLogic 8.1 SP 2:

BEA Systems Weblogic Server 7.0 SP 4

BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

BEA Systems WebLogic Server for Win32 7.0 SP 4

BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

BEA Systems Weblogic Server 8.1 SP 2

BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar

BEA Systems WebLogic Server for Win32 8.1 SP 2

BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar

BEA Systems WebLogic Express 8.1 SP 2

BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar

BEA Systems WebLogic Express for Win32 8.1 SP 2

BEA Systems CR132949_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR132949_81sp2.jar