BID:17164

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

Info

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

Bugtraq ID:	17164
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 20 2006 12:00AM
Updated:	Mar 21 2006 05:34PM
Credit:	The vendor disclosed this issue.
Vulnerable:	BEA Systems WebLogic Portal 8.1 SP5 BEA Systems WebLogic Portal 8.1 SP4 BEA Systems WebLogic Portal 8.1 SP3 BEA Systems WebLogic Portal 8.1 SP2 BEA Systems WebLogic Portal 8.1 SP1 BEA Systems WebLogic Portal 8.1 BEA Systems WebLogic Portal 8.0

Not Vulnerable:	BEA Systems WebLogic Portal 8.1 SP6

Discussion

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

BEA WebLogic Portal is prone to an information-disclosure vulnerability. The affected application improperly discloses potentially sensitive information.

This issue can allow attackers to gain access to potentially sensitive information and can result in a loss of confidentiality.

Exploit / POC

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

This issue can be exploited through use of a client application.

Solution / Fix

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

Solution:
The vendor has released an advisory to address this issue. Please see the referenced advisory for further information on resolving this issue.

BEA Systems WebLogic Portal 8.0

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1 SP2

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1 SP4

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1 SP1

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1 SP3

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

BEA Systems WebLogic Portal 8.1 SP5

BEA Systems patch_CR259534_81SP5.zip
ftp://ftpna.beasys.com/pub/releases/security/patch_CR259534_81SP5.zip

References

BEA WebLogic Portal JSR-168 Portlets Information Disclosure Vulnerability

References:

WebLogic Portal Product Page (BEA Systems)