Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities

Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities

Solution:
BEA Systems has released patches for these issues. Please see the attached BEA advisory for detailed instructions on how to obtain or apply patches.

Please contact the vendor for details on obtaining Liquid Data Rolling Patch 4, which fixes Liquid Data 1.1 and has certain prerequisites before installing.

BEA Systems has released the following fixes:

BEA Systems WebLogic Integration 2.1

BEA Systems tempPatchCR105536_WLI21SP2.zip
WebLogic Integration 2.1 patch requires prerequisite patches for WebLogic 6.1 SP 2 or SP 3.
ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR105536_WLI21SP 2.zip

BEA Systems Weblogic Server 5.1 SP 13

BEA Systems CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar

BEA Systems WebLogic Express 5.1 SP 13

BEA Systems CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar

BEA Systems WebLogic Server for Win32 5.1 SP 13

BEA Systems CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar

BEA Systems WebLogic Express for Win32 5.1 SP 13

BEA Systems CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar

BEA Systems WebLogic Express 7.0 SP 2

BEA Systems CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems Weblogic Server 7.0 SP 3

BEA Systems CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar

BEA Systems Weblogic Server 7.0 SP 2

BEA Systems CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems WebLogic Express 7.0 SP 3

BEA Systems CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar

BEA Systems WebLogic Express for Win32 7.0 SP 2

BEA Systems CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems WebLogic Server for Win32 7.0 SP 2

BEA Systems CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar

BEA Systems WebLogic Integration 7.0

BEA Systems tempPatchCR103371_WLI70SP2.zip
WebLogic Integration 7.0 patch requires the prerequisite patch for WebLogic 7.0 SP 2.
ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR103371_WLI70SP 2.zip

BEA Systems WebLogic Server for Win32 7.0 SP 3

BEA Systems CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar

BEA Systems WebLogic Express for Win32 7.0 SP 3

BEA Systems CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar