BEA WebLogic Server And WebLogic Express Authentication Failure Information Disclosure Weakness

BEA WebLogic Server And WebLogic Express Authentication Failure Information Disclosure Weakness

Solution:
The vendor has released advisory BEA05-74.00 along with service pack 4 for WebLogic Server 8.1 and a patch for WebLogic Server 7.0 service pack 5 dealing with this issue. Please contact the vendor for information on attaining service pack 4 for WebLogic.

The vendor has released advisory BEA05-74.01 dealing with this issue. This advisory is an update to BEA05-74.00. Service pack 4 for WebLogic Server 8.1, and service pack 5 and 6 for WebLogic Server 7.0 are also considered vulnerable.

The vendor states that WebLogic Server 8.1 Service Pack 5, and WebLogic Server 7.0 Service Pack 7 will contain fixes for this issue. Until then, please see the new advisory for information on obtaining fixes.

Users are advised to disregard advisory BEA05-74.00, and should review the new one for further information.