BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities

BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities

Solution:
BEA Systems released updates and advisories to address these issues. Updates for WebLogic Server 10.0, 9.2 and 9.1 can be obtained using the Smart Update Tool. Please see the references for details on how to obtain and install patches for other versions.

BEA Systems Weblogic Server 9.0

BEA Systems CR319130_90_client.jar
ftp://anonymous:dev2dev%40bea%2Ecom@ftpna.bea.com/pub/releases/securit y/CR319130_90_client.jar

BEA Systems WebLogic Express 8.1.0 SP 6

BEA Systems CR319130_81sp6_client.jar
ftp://anonymous:dev2dev%40bea%2Ecom@ftpna.bea.com/pub/releases/securit y/CR319130_81sp6_client.jar

BEA Systems Weblogic Server 7.0 SP 7

BEA Systems CR325828_70sp7.jar
ftp://anonymous:dev2dev%40bea%2Ecom@ftpna.bea.com/pub/releases/securit y/CR325828_70sp7.jar

BEA Systems Weblogic Server 8.1 SP 6

BEA Systems CR319130_81sp6_client.jar
ftp://anonymous:dev2dev%40bea%2Ecom@ftpna.bea.com/pub/releases/securit y/CR319130_81sp6_client.jar