• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BEA WebLogic Multiple Vulnerabilities

References:

• BEA06-121.00 - The stopWebLogic.sh script echoes the system password on UNIX (BEA Systems)
  
• BEA06-124.00 - Applications installed on WebLogic Server can obtain private keys (BEA Systems)
  
• BEA06-125.00 - Internal network information may be externally visible (BEA Systems)
  
• BEA06-126.00 - Console incorrectly set JDBC policies (BEA Systems)
  
• BEA06-127.00 - WebLogic Server HTTP handlers log username and password on failur (BEA Systems)
  
• BEA06-128.00 - Domain name is exposed on Console login form (BEA Systems)
  
• BEA06-129.00 - Console displays the WebLogic Server IP address (BEA Systems)
  
• BEA06-130.00 - JSP showcode vulnerability (BEA Systems)
  
• BEA06-131.00 - Recovering admin password can leave cleartext password on disk (BEA Systems)
  
• BEA06-132.00 - Incorrect Quality of Service on some transaction coordination (BEA Systems)
  
• BEA06-133.00 - Sensitive internal system data may be exposed on the wire (BEA Systems)
  
• Weblogic (BEA Systems)
  
• WebLogic Portal Product Page (BEA Systems)
  
• WebLogic Server Product Homepage (Oracle)
  
• Security Advisory: (BEA07-107.02) (BEA Systems)