BEA WebLogic Server and WebLogic Express HTTP Response Splitting Vulnerability

BEA WebLogic Server and WebLogic Express HTTP Response Splitting Vulnerability

Solution:
The vendor has released advisory BEA05-105.01 and patch information regarding this issue. Please see references for more information.

BEA Systems WebLogic Express for Win32 6.1 SP 7

BEA Systems CR244708_610sp7.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_610sp7.jar

BEA Systems WebLogic Express 6.1 SP 7

BEA Systems CR244708_610sp7.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_610sp7.jar

BEA Systems WebLogic Server for Win32 6.1 SP 7

BEA Systems CR244708_610sp7.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_610sp7.jar

BEA Systems Weblogic Server 6.1 SP 7

BEA Systems CR244708_610sp7.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_610sp7.jar

BEA Systems WebLogic Express for Win32 7.0 SP 6

BEA Systems CR244708_700sp6_V2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_700sp6_V2.jar

BEA Systems Weblogic Server 7.0 SP 6

BEA Systems CR244708_700sp6_V2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_700sp6_V2.jar

BEA Systems WebLogic Express 7.0 SP 6

BEA Systems CR244708_700sp6_V2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_700sp6_V2.jar

BEA Systems WebLogic Server for Win32 7.0 SP 6

BEA Systems CR244708_700sp6_V2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR244708_700sp6_V2.jar