• info
• discussion
• exploit
• solution
• references

BEA WebLogic Multiple Vulnerabilities

Solution:
The vendor has released updates to address these issues. Consult the referenced advisories for details on obtaining the appropriate updates.

BEA security advisory BEA07-107.02 supersedes security advisory BEA05-107.01.


BEA Systems Weblogic Server 9.0

• BEA Systems CR247655_900.jar
  ftp://ftpna.bea.com/pub/releases/security/CR247655_900.jar


• BEA Systems CR256930_900.zip
  ftp://ftpna.bea.com/pub/releases/security/CR256930_900.zip


• BEA Systems CR265510_90.jar
  ftp://ftpna.bea.com/pub/releases/security/CR265510_90.jar

BEA Systems WebLogic Server for Win32 9.0

• BEA Systems CR247655_900.jar
  ftp://ftpna.bea.com/pub/releases/security/CR247655_900.jar


• BEA Systems CR256930_900.zip
  ftp://ftpna.bea.com/pub/releases/security/CR256930_900.zip


• BEA Systems CR265510_90.jar
  ftp://ftpna.bea.com/pub/releases/security/CR265510_90.jar

BEA Systems WebLogic Express 6.1 SP 7

• BEA Systems CR238260_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR238260_610sp7.jar


• BEA Systems CR247655_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR247655_610sp7.jar


• BEA Systems CR265136_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265136_610sp7.jar


• BEA Systems CR265510_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265510_610sp7.jar

BEA Systems WebLogic Server for Win32 6.1 SP 7

• BEA Systems CR238260_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR238260_610sp7.jar


• BEA Systems CR247655_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR247655_610sp7.jar


• BEA Systems CR265136_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265136_610sp7.jar


• BEA Systems CR265510_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265510_610sp7.jar

BEA Systems Weblogic Server 6.1 SP 7

• BEA Systems CR238260_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR238260_610sp7.jar


• BEA Systems CR247655_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR247655_610sp7.jar


• BEA Systems CR265136_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265136_610sp7.jar


• BEA Systems CR265510_610sp7.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265510_610sp7.jar

BEA Systems WebLogic Platform 7.0 SP 5

• BEA Systems CR130515.zip
  ftp://ftpna.bea.com/pub/releases/security/CR130515.zip

BEA Systems Weblogic Server 8.1 SP 5

• BEA Systems CR247655_810sp5.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR247655_810sp5.jar


• BEA Systems CR265510_810sp5.jar
  ftp://ftpna.beasys.com/pub/releases/security/CR265510_810sp5.jar