BEA WebLogic Administration Console Error Page Cross-Site Scripting Vulnerability

BEA WebLogic Administration Console Error Page Cross-Site Scripting Vulnerability

Solution:
BEA Systems has released and advisory (BEA05-80.00) including patches to address this issue. Please see the referenced advisory for instructions on how to install the patches in a proper manner.

BEA Systems WebLogic Express for Win32 7.0 SP 6

BEA Systems CR214457_700sp6.jar
ftp://ftpna.bea.com/pub/releases/security/CR214457_700sp6.jar

BEA Systems Weblogic Server 7.0 SP 6

BEA Systems CR214457_700sp6.jar
ftp://ftpna.bea.com/pub/releases/security/CR214457_700sp6.jar

BEA Systems WebLogic Express 7.0 SP 6

BEA Systems CR214457_700sp6.jar
ftp://ftpna.bea.com/pub/releases/security/CR214457_700sp6.jar

BEA Systems WebLogic Server for Win32 7.0 SP 6

BEA Systems CR214457_700sp6.jar
ftp://ftpna.bea.com/pub/releases/security/CR214457_700sp6.jar

BEA Systems WebLogic Express for Win32 8.1 SP 4

BEA Systems CR202495_810sp4.jar
ftp://ftpna.bea.com/pub/releases/security/CR202495_810sp4.jar

BEA Systems WebLogic Server for Win32 8.1 SP 4

BEA Systems CR202495_810sp4.jar
ftp://ftpna.bea.com/pub/releases/security/CR202495_810sp4.jar

BEA Systems Weblogic Server 8.1 SP 4

BEA Systems CR202495_810sp4.jar
ftp://ftpna.bea.com/pub/releases/security/CR202495_810sp4.jar

BEA Systems WebLogic Express 8.1 SP 4

BEA Systems CR202495_810sp4.jar
ftp://ftpna.bea.com/pub/releases/security/CR202495_810sp4.jar