BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
BID:1570
Info
BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 1570 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 15 2000 12:00AM |
| Updated: | Aug 15 2000 12:00AM |
| Credit: | This vulnerability was discovered by Gerardo Richarte and Hernan Ochoa of CORE SDI S.A., Buenos Aires, Argentina. |
| Vulnerable: |
BEA Systems Weblogic Server 5.1 x BEA Systems Weblogic Server 4.5 x BEA Systems Weblogic Server 4.0 x BEA Systems Weblogic Server 3.1.8 |
| Not Vulnerable: | |
Discussion
BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
BEA Systems Inc. Weblogic server provides facilities to integrate it to third party web servers. This is accomplished by a plug-in that allows the third party web server to proxy requests to the Weblogic Server. As described in BEA's documentation plugins are supported for Netscape Enterprise Server, IIS and Apache in the form of dynamically loadable libraries.
These web servers can be configured to redirect requests for servlets and JSP files to a Weblogic server running on the same or on a different host. Several buffer overflows in these plugins provided by BEA Weblogic server allow a remote attacker to execute arbitrary code on the system running the proxying web server. The net result of this is remote execution of arbitrary code as the user running the proxying server (generally root on UNIX systems, SYSTEM on MS NT).
BEA Systems Inc. Weblogic server provides facilities to integrate it to third party web servers. This is accomplished by a plug-in that allows the third party web server to proxy requests to the Weblogic Server. As described in BEA's documentation plugins are supported for Netscape Enterprise Server, IIS and Apache in the form of dynamically loadable libraries.
These web servers can be configured to redirect requests for servlets and JSP files to a Weblogic server running on the same or on a different host. Several buffer overflows in these plugins provided by BEA Weblogic server allow a remote attacker to execute arbitrary code on the system running the proxying web server. The net result of this is remote execution of arbitrary code as the user running the proxying server (generally root on UNIX systems, SYSTEM on MS NT).
Exploit / POC
BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
Solution:
BEA advises the following:
Version: BEA WebLogic Server and Express 5.1.x, 4.5.x standalone version or as part of BEA WebLogic Enterprise 5.1 on all OS platforms
Action : Upgrade the proxy plug-in used for third-party Web server integration.
BEA Systems Weblogic Server 3.1.8
BEA Systems Weblogic Server 4.0 x
BEA Systems Weblogic Server 4.5 x
BEA Systems Weblogic Server 5.1 x
Solution:
BEA advises the following:
Version: BEA WebLogic Server and Express 5.1.x, 4.5.x standalone version or as part of BEA WebLogic Enterprise 5.1 on all OS platforms
Action : Upgrade the proxy plug-in used for third-party Web server integration.
BEA Systems Weblogic Server 3.1.8
-
BEA Systems Service Pack 5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 4.0 x
-
BEA Systems Service Pack 5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 4.5 x
-
BEA Systems Service Pack 5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 5.1 x
-
BEA Systems Service Pack 5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
References
BEA Weblogic Proxy Multiple Buffer Overflow Vulnerabilities
References:
References:
- BEA WebLogic Server Security Alerts (BEA Systems)
- CORE SDI Homepage (CORE)
- Weblogic (BEA Systems)
- WebLogic Server JSP Configuration (BEA Systems)