BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
BID:10184
Info
BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
| Bugtraq ID: | 10184 |
| Class: | Environment Error |
| CVE: |
CVE-2004-0711 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | This issue was disclosed by the vendor. |
| Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 1 BEA Systems WebLogic Server for Win32 8.1 BEA Systems WebLogic Server for Win32 7.0 SP 4 BEA Systems WebLogic Server for Win32 7.0 SP 3 BEA Systems WebLogic Server for Win32 7.0 SP 2 BEA Systems WebLogic Server for Win32 7.0 SP 1 BEA Systems WebLogic Server for Win32 7.0 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems Weblogic Server 8.1 BEA Systems Weblogic Server 7.0 SP 4 BEA Systems Weblogic Server 7.0 SP 3 BEA Systems Weblogic Server 7.0 SP 2 BEA Systems Weblogic Server 7.0 SP 1 BEA Systems Weblogic Server 7.0 BEA Systems WebLogic Express for Win32 8.1 SP 1 BEA Systems WebLogic Express for Win32 8.1 BEA Systems WebLogic Express for Win32 7.0 SP 4 BEA Systems WebLogic Express for Win32 7.0 SP 3 BEA Systems WebLogic Express for Win32 7.0 SP 2 BEA Systems WebLogic Express for Win32 7.0 SP 1 BEA Systems WebLogic Express for Win32 7.0 BEA Systems WebLogic Express 8.1 SP 1 BEA Systems WebLogic Express 8.1 BEA Systems WebLogic Express 7.0 SP 4 BEA Systems WebLogic Express 7.0 SP 3 BEA Systems WebLogic Express 7.0 SP 2 BEA Systems WebLogic Express 7.0 SP 1 BEA Systems WebLogic Express 7.0 |
| Not Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 2 BEA Systems WebLogic Server for Win32 7.0 SP 5 BEA Systems Weblogic Server 8.1 SP 2 BEA Systems Weblogic Server 7.0 SP 5 BEA Systems WebLogic Express for Win32 8.1 SP 2 BEA Systems WebLogic Express for Win32 7.0 SP 5 BEA Systems WebLogic Express 8.1 SP 2 BEA Systems WebLogic Express 7.0 SP 5 |
Discussion
BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
It has been reported that WebLogic Server and WebLogic Express may be prone to a vulnerability that could allow a remote attacker to potentially gain access to sensitive resources. This issue results from a change in functionality that was deployed as part of WebLogic Server and Express versions 7.x and later. Users employing the illegal URI patterns for access controls and migrating to subsequent versions of the software could be affected by this issue.
It has been reported that WebLogic Server and WebLogic Express may be prone to a vulnerability that could allow a remote attacker to potentially gain access to sensitive resources. This issue results from a change in functionality that was deployed as part of WebLogic Server and Express versions 7.x and later. Users employing the illegal URI patterns for access controls and migrating to subsequent versions of the software could be affected by this issue.
Exploit / POC
BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
Solution:
BEA Systems has advised customers to upgrade to WebLogic Server and WebLogic Express version 8.1 Service Pack 2 or WebLogic Server and WebLogic Express version 7.0 Service Pack 5 depending on the version being used.
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems WebLogic Express for Win32 8.1
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems Weblogic Server 8.1
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
Solution:
BEA Systems has advised customers to upgrade to WebLogic Server and WebLogic Express version 8.1 Service Pack 2 or WebLogic Server and WebLogic Express version 7.0 Service Pack 5 depending on the version being used.
BEA Systems WebLogic Server for Win32 7.0 SP 4
-
BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 7.0 SP 4
-
BEA Systems WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems WebLogic Express for Win32 8.1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems Weblogic Server 8.1 SP 1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express for Win32 8.1 SP 1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Server for Win32 8.1 SP 1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Server for Win32 8.1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems Weblogic Server 8.1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express 8.1 SP 1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express 8.1
-
BEA Systems WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
References
BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
References:
References:
- Security Advisory: (BEA04-56.00) (BEA Systems)