• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple BEA WebLogic Server/Express Vulnerabilities

Solution:
The vendor has released fixes that address these issues.

(CR105624_70sp2.jar) fixes the unauthorized access to the console issue for WebLogic Server/Express 7.0 and 7.0.0.1.

(CR105809_81_ga.jar and CR105809_70sp2.jar) fix the operators administrative access issue on WebLogic Server/Express 8.1 and WebLogic Server/Express 7.0/7.0.0.1 respectively.

(CR093813_70sp2.zip and CR093813_61sp5.zip) fix the prevent protect password issue on WebLogic Server/Express 7.0/7.0.0.1 and WebLogic Server/Express 6.1 respectively.

These fixes will be bundled into pending service packs for the various releases. Users are advised to apply all fixes for any vulnerable versions they are running.


BEA Systems Weblogic Server 6.1 SP 5

• BEA Systems CR093813_61sp5.zip
  Upgrade to Service Pack 5 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_61sp5.zip

BEA Systems WebLogic Express 6.1 SP 5

• BEA Systems CR093813_61sp5.zip
  Upgrade to Service Pack 5 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_61sp5.zip

BEA Systems WebLogic Server for Win32 6.1 SP 5

• BEA Systems CR093813_61sp5.zip
  Upgrade to Service Pack 5 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_61sp5.zip

BEA Systems WebLogic Express for Win32 6.1 SP 5

• BEA Systems CR093813_61sp5.zip
  Upgrade to Service Pack 5 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_61sp5.zip

BEA Systems WebLogic Express 7.0 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems Weblogic Server 7.0 .0.1 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems Weblogic Server 7.0 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems Weblogic Server 7.0

• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Express 7.0 .0.1 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Express for Win32 7.0

• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Express for Win32 7.0 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems WebLogic Server for Win32 7.0 SP 2

• BEA Systems CR093813_70sp2.zip
  Upgrade to Service Pack 2 and follow the instructions included in the zip file.
  ftp://ftpna.beasys.com/pub/releases/security/CR093813_70sp2.zip


• BEA Systems CR105809_70sp2.jar
  Upgrade to Service Pack 2 and apply the patch
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_70sp2.jar


• BEA Systems CR105624_70sp2.jar
  Upgrade to Service Pack 2, and apply the following patch.
  ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar

BEA Systems Weblogic Server 8.1

• BEA Systems CR105809_81_ga.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_81_ga.jar

BEA Systems WebLogic Express 8.1

• BEA Systems CR105809_81_ga.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR105809_81_ga.jar