BEA Multiple Products Multiple Vulnerabilities
BID:22082
Info
| Bugtraq ID: | 22082 |
| Class: | Unknown |
| CVE: | CVE-2007-0409 CVE-2007-0410 CVE-2007-0411 CVE-2007-0412 CVE-2007-0413 CVE-2007-0414 CVE-2007-0415 CVE-2007-0416 CVE-2007-0417 CVE-2007-0419 CVE-2007-0420 CVE-2007-0421 CVE-2007-0422 CVE-2007-0423 CVE-2007-0424 CVE-2007-0426 CVE-2007-0432 CVE-2007-0433 CVE-2007-0434 CVE-2007-4613 CVE-2007-4614 CVE-2007-4618 CVE-2007-0408 CVE-2007-0418 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 16 2007 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: |
BEA Systems WebLogic Server for Win32 8.1 SP 5 BEA Systems WebLogic Server for Win32 8.1 SP 4 BEA Systems WebLogic Server for Win32 8.1 SP 3 BEA Systems WebLogic Server for Win32 8.1 SP 2 BEA Systems WebLogic Server for Win32 8.1 SP 1 BEA Systems WebLogic Server for Win32 8.1 BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2 BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 1 BEA Systems WebLogic Server for Win32 7.0 .0.1 BEA Systems WebLogic Server for Win32 7.0 SP 7 BEA Systems WebLogic Server for Win32 7.0 SP 6 BEA Systems WebLogic Server for Win32 7.0 SP 5 BEA Systems WebLogic Server for Win32 7.0 SP 4 BEA Systems WebLogic Server for Win32 7.0 SP 3 BEA Systems WebLogic Server for Win32 7.0 SP 2 BEA Systems WebLogic Server for Win32 7.0 SP 1 BEA Systems WebLogic Server for Win32 7.0 BEA Systems WebLogic Server for Win32 6.1 SP 7 BEA Systems WebLogic Server for Win32 6.1 SP 6 BEA Systems WebLogic Server for Win32 6.1 SP 5 BEA Systems WebLogic Server for Win32 6.1 SP 4 BEA Systems WebLogic Server for Win32 6.1 SP 3 BEA Systems WebLogic Server for Win32 6.1 SP 2 BEA Systems WebLogic Server for Win32 6.1 SP 1 BEA Systems WebLogic Server for Win32 6.1 BEA Systems WebLogic Server for Win32 9.1 BEA Systems WebLogic Server for Win32 9.0 BEA Systems Weblogic Server 8.1 SP 5 BEA Systems Weblogic Server 8.1 SP 4 BEA Systems Weblogic Server 8.1 SP 3 BEA Systems Weblogic Server 8.1 SP 2 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems Weblogic Server 8.1 BEA Systems Weblogic Server 7.0 .0.1 SP 4 BEA Systems Weblogic Server 7.0 .0.1 SP 3 BEA Systems Weblogic Server 7.0 .0.1 SP 2 BEA Systems Weblogic Server 7.0 .0.1 SP 1 BEA Systems Weblogic Server 7.0 .0.1 BEA Systems Weblogic Server 7.0 SP 7 BEA Systems Weblogic Server 7.0 SP 6 BEA Systems Weblogic Server 7.0 SP 5 BEA Systems Weblogic Server 7.0 SP 4 BEA Systems Weblogic Server 7.0 SP 3 BEA Systems Weblogic Server 7.0 SP 2 BEA Systems Weblogic Server 7.0 SP 1 BEA Systems Weblogic Server 7.0 BEA Systems Weblogic Server 6.1 
SP6 BEA Systems Weblogic Server 6.1 SP 8 BEA Systems Weblogic Server 6.1 SP 7 BEA Systems Weblogic Server 6.1 SP 5 BEA Systems Weblogic Server 6.1 SP 4 BEA Systems Weblogic Server 6.1 SP 3 BEA Systems Weblogic Server 6.1 SP 2 BEA Systems Weblogic Server 6.1 SP 1 BEA Systems Weblogic Server 6.1 BEA Systems Weblogic Server Netscape plug-in BEA Systems Weblogic Server Apache plug-in BEA Systems Weblogic Server 9.2 BEA Systems Weblogic Server 9.1 BEA Systems Weblogic Server 9.0 BEA Systems WebLogic Portal 8.1 SP4 BEA Systems WebLogic Portal 8.1 SP3 BEA Systems WebLogic Portal 9.2 BEA Systems WebLogic Platform 8.1 SP 3 BEA Systems WebLogic Platform 8.1 SP 2 BEA Systems WebLogic Platform 8.1 SP 1 BEA Systems WebLogic Platform 8.1 BEA Systems WebLogic Platform 7.0 SP 5 BEA Systems WebLogic Platform 7.0 SP 4 BEA Systems WebLogic Platform 7.0 SP 3 BEA Systems WebLogic Platform 7.0 SP 2 BEA Systems WebLogic Platform 7.0 SP 1 BEA Systems WebLogic Platform 7.0 BEA Systems WebLogic Platform 8.1 BEA Systems WebLogic Express for Win32 8.1 SP 5 BEA Systems WebLogic Express for Win32 8.1 SP 4 BEA Systems WebLogic Express for Win32 8.1 SP 3 BEA Systems WebLogic Express for Win32 8.1 SP 2 BEA Systems WebLogic Express for Win32 8.1 SP 1 BEA Systems WebLogic Express for Win32 8.1 BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2 BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 1 BEA Systems WebLogic Express for Win32 7.0 .0.1 BEA Systems WebLogic Express for Win32 7.0 SP 7 BEA Systems WebLogic Express for Win32 7.0 SP 6 BEA Systems WebLogic Express for Win32 7.0 SP 5 BEA Systems WebLogic Express for Win32 7.0 SP 4 BEA Systems WebLogic Express for Win32 7.0 SP 3 BEA Systems WebLogic Express for Win32 7.0 SP 2 BEA Systems WebLogic Express for Win32 7.0 SP 1 BEA Systems WebLogic Express for Win32 7.0 BEA Systems WebLogic Express for Win32 6.1 SP 8 BEA Systems WebLogic Express for Win32 6.1 SP 7 BEA Systems WebLogic Express for Win32 6.1 SP 6 BEA Systems WebLogic Express for Win32 6.1 
SP 5 BEA Systems WebLogic Express for Win32 6.1 SP 4 BEA Systems WebLogic Express for Win32 6.1 SP 3 BEA Systems WebLogic Express for Win32 6.1 SP 2 BEA Systems WebLogic Express for Win32 6.1 SP 1 BEA Systems WebLogic Express for Win32 6.1 BEA Systems WebLogic Express 8.1 SP 5 BEA Systems WebLogic Express 8.1 SP 4 BEA Systems WebLogic Express 8.1 SP 3 BEA Systems WebLogic Express 8.1 SP 2 BEA Systems WebLogic Express 8.1 SP 1 BEA Systems WebLogic Express 8.1 BEA Systems WebLogic Express 7.0 .0.1 SP 4 BEA Systems WebLogic Express 7.0 .0.1 SP 3 BEA Systems WebLogic Express 7.0 .0.1 SP 2 BEA Systems WebLogic Express 7.0 .0.1 SP 1 BEA Systems WebLogic Express 7.0 .0.1 BEA Systems WebLogic Express 7.0 SP 7 BEA Systems WebLogic Express 7.0 SP 6 BEA Systems WebLogic Express 7.0 SP 5 BEA Systems WebLogic Express 7.0 SP 4 BEA Systems WebLogic Express 7.0 SP 3 BEA Systems WebLogic Express 7.0 SP 2 BEA Systems WebLogic Express 7.0 SP 1 BEA Systems WebLogic Express 7.0 BEA Systems WebLogic Express 6.1 SP6 BEA Systems WebLogic Express 6.1 SP 8 BEA Systems WebLogic Express 6.1 SP 7 BEA Systems WebLogic Express 6.1 SP 5 BEA Systems WebLogic Express 6.1 SP 4 BEA Systems WebLogic Express 6.1 SP 3 BEA Systems WebLogic Express 6.1 SP 2 BEA Systems WebLogic Express 6.1 SP 1 BEA Systems WebLogic Express 6.1 BEA Systems WebLogic Express 9.2 BEA Systems WebLogic Express 9.1 BEA Systems WebLogic Express 9.0 BEA Systems JRockit 3.1.4 .1 BEA Systems JRockit 3.1.4 BEA Systems JRockit 3.1.3 BEA Systems JRockit 3.1.2 BEA Systems JRockit 3.1.1 BEA Systems JRockit 1.4.2 BEA Systems JRockit 1.4.2 R4.5 BEA Systems ALSB 2.5 BEA Systems ALSB 2.1 BEA Systems ALSB 2.0 BEA Systems ALES 2.2 BEA Systems ALES 2.1 BEA Systems ALES 2.0 |
| Not Vulnerable: | |
Discussion
BEA has released 23 advisories identifying various vulnerabilities affecting BEA WebLogic Server, WebLogic Platform, WebLogic Express, ALES, ALSB, and JRockit. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released updates to address these issues. Consult the referenced advisories for details on obtaining the appropriate updates. Some of these updates may be installed with the smart update tool.
BEA Systems Weblogic Server 9.0
- BEA Systems CR232325_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR232325_900.jar
- BEA Systems CR236939_900rp.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR236939_900rp.jar
- BEA Systems CR237973_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR237973_900.jar
- BEA Systems CR248397_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR248397_900.jar
- BEA Systems CR258305_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR258305_900.jar
- BEA Systems CR265150_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR265150_900.jar
- BEA Systems CR266413_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR266413_900.jar
- BEA Systems CR276583_900.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR276583_900.jar
- BEA Systems CR283953_900rp.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR283953_900rp.jar

BEA Systems WebLogic Express 6.1 SP 7
- BEA Systems CR102790_61sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR102790_61sp7.jar
- BEA Systems CR239231_61sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR239231_61sp7.jar
- BEA Systems CR248397_610sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR248397_610sp7.jar
- BEA Systems CR276586_610sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR276586_610sp7.jar

BEA Systems Weblogic Server 7.0 SP 7
- BEA CR102790_700sp7.zip
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR102790_700sp7.zip
- BEA Systems CR239231_70sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR239231_70sp7.jar

BEA Systems WebLogic Express 7.0
- BEA Systems CR265150_700sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR265150_700sp7.jar

BEA Systems WebLogic Express 7.0 SP 7
- BEA CR102790_700sp7.zip
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR102790_700sp7.zip
- BEA Systems CR276586_700sp7.jar
  ftp://anonymous:dev2dev%40bea%[email protected]/pub/releases/security/CR276586_700sp7.jar
References
References:
- BEA Security Advisory BEA07-156.00-Inadvertent corruption of WebLogic Portal ent (BEA Systems Inc.)
- BEA Security Advisory BEA07-157.00 (Security Advisories and Notifications) (BEA Systems)
- Weblogic (BEA Systems)
- WebLogic Portal Product Page (BEA Systems)
- WebLogic Server Product Homepage (Oracle)
- BEA Security Advisory BEA07-134.00 (SSL libraries may be vulnerable to unauthori (BEA Systems Inc)
- BEA Security Advisory BEA07-135.00 (Certificate validation condition in WebLogic (BEA Systems Inc)
- BEA Security Advisory BEA07-136.00 (JDBCDataSourceFactory MBean password field n (BEA Systems Inc)
- BEA Security Advisory BEA07-137.00 (Incorrect thread management may lead to serv (BEA Systems Inc)
- BEA Security Advisory BEA07-138.00 (Problem with certificate validation on WebLo (BEA Systems Inc)
- BEA Security Advisory BEA07-139.00 (Application files are exposed when deploying (BEA Systems Inc)
- BEA Security Advisory BEA07-140.00 (Sensitive attributes may be stored in clear- (BEA Systems Inc.)
- BEA Security Advisory BEA07-141.00 (Socket muxer threads may block when processi (BEA Systems Inc.)
- BEA Security Advisory BEA07-142.00 (Dynamic updates to applications deployed as (BEA Systems Inc.)
- BEA Security Advisory BEA07-143.00 (WS-Security runtime fails to enforce decrypt (BEA Systems Inc.)
- BEA Security Advisory BEA07-144.00 (Some EJB calls can be unintentionally execut (BEA Systems Inc.)
- BEA Security Advisory BEA07-145.00 (Permissions on EJB methods with array parame (BEA Systems Inc.)
- BEA Security Advisory BEA07-146.00 (Denial-of-service vulnerability in the proxy (BEA Systems Inc.)
- BEA Security Advisory BEA07-147.00 (Malformed HTTP requests may reveal data from (BEA Systems Inc.)
- BEA Security Advisory BEA07-148.00 (Malformed headers may cause high disk consum (BEA Systems Inc.)
- BEA Security Advisory BEA07-149.00 (Security policy changes may not be seen by m (BEA Systems Inc.)
- BEA Security Advisory BEA07-150.00 (A Denial of Service attack is possible again (BEA Systems Inc.)
- BEA Security Advisory BEA07-151.00 (Inadvertent removal of access restrictions) (BEA Systems Inc.)
- BEA Security Advisory BEA07-152.00 (Multiple vulnerabilities in WebLogic Server (BEA Systems Inc.)
- BEA Security Advisory BEA07-153.00 (Audit events may be posted with incorrect s (BEA Systems Inc.)
- BEA Security Advisory BEA07-154.00 (Upgrade and patch are available to disable u (BEA Systems Inc.)
- Security Advisory: (BEA07-148.01) (BEA Systems)