BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
BID:10132
Info
BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
| Bugtraq ID: | 10132 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Apr 13 2004 12:00AM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 2 BEA Systems WebLogic Server for Win32 8.1 SP 1 BEA Systems WebLogic Server for Win32 8.1 BEA Systems WebLogic Server for Win32 7.0 SP 4 BEA Systems WebLogic Server for Win32 7.0 SP 3 BEA Systems WebLogic Server for Win32 7.0 SP 2 BEA Systems WebLogic Server for Win32 7.0 SP 1 BEA Systems WebLogic Server for Win32 7.0 BEA Systems Weblogic Server 8.1 SP 2 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems Weblogic Server 8.1 BEA Systems Weblogic Server 7.0 SP 4 BEA Systems Weblogic Server 7.0 SP 3 BEA Systems Weblogic Server 7.0 SP 2 BEA Systems Weblogic Server 7.0 SP 1 BEA Systems WebLogic Express for Win32 8.1 SP 2 BEA Systems WebLogic Express for Win32 8.1 SP 1 BEA Systems WebLogic Express for Win32 8.1 BEA Systems WebLogic Express for Win32 7.0 SP 4 BEA Systems WebLogic Express for Win32 7.0 SP 3 BEA Systems WebLogic Express for Win32 7.0 SP 2 BEA Systems WebLogic Express for Win32 7.0 SP 1 BEA Systems WebLogic Express 8.1 SP 2 BEA Systems WebLogic Express 8.1 SP 1 BEA Systems WebLogic Express 8.1 BEA Systems WebLogic Express 7.0 SP 4 BEA Systems WebLogic Express 7.0 SP 3 BEA Systems WebLogic Express 7.0 SP 2 BEA Systems WebLogic Express 7.0 SP 1 BEA Systems WebLogic Express 7.0 |
| Not Vulnerable: |
BEA Systems WebLogic Server for Win32 7.0 SP 5 BEA Systems Weblogic Server 7.0 SP 5 BEA Systems WebLogic Express for Win32 7.0 SP 5 BEA Systems WebLogic Express 7.0 SP 5 |
Discussion
BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
It has been reported that BEA WebLogic Server and WebLogic Express are prone to a user impersonation vulnerability that may allow an attacker to impersonate an administrator or a remote server.
This issue may be related to the vulnerability described in BID 8320 (BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability).
It has been reported that BEA WebLogic Server and WebLogic Express are prone to a user impersonation vulnerability that may allow an attacker to impersonate an administrator or a remote server.
This issue may be related to the vulnerability described in BID 8320 (BEA WebLogic Server and WebLogic Express User Impersonation Vulnerability).
Exploit / POC
BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
Solution:
BEA has released an advisory BEA04-54.00 to address this issue. Please see the referenced advisory for more information.
BEA Systems WebLogic Express for Win32 8.1
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems Weblogic Server 8.1
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express 8.1
Solution:
BEA has released an advisory BEA04-54.00 to address this issue. Please see the referenced advisory for more information.
BEA Systems WebLogic Express for Win32 8.1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems Weblogic Server 8.1 SP 1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Express for Win32 8.1 SP 1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems Weblogic Server 8.1 SP 2
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Server for Win32 8.1 SP 2
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Express 8.1 SP 2
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Server for Win32 8.1 SP 1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Server for Win32 8.1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems Weblogic Server 8.1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Express 8.1 SP 1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Express for Win32 8.1 SP 2
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
BEA Systems WebLogic Express 8.1
-
BEA Systems CR129371_81sp2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR129371_81sp2.jar
References
BEA WebLogic Server and WebLogic Express Certificate Chain User Impersonation Vulnerability
References:
References:
- SECURITY ADVISORY (BEA04-54.00) (BEA Systems)