BEA WebLogic Security Provider Activation Weakness

2006-01-24T11:43:22
ID OSVDB:22773
Type osvdb
Reporter OSVDB
Modified 2006-01-24T11:43:22

Description

Vulnerability Description

BEA WebLogic contains a flaw that may lead an administrator to believe that a new security provider has been activated when it is not yet active. This happens because WebLogic does not activate a security provider until the system is rebooted. This may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1015528
Secunia Advisory ID: 18592
Keyword: BEA06-116.00
ISS X-Force ID: 24298
FrSIRT Advisory: ADV-2006-0313
CVE-2006-0429
Bugtraq ID: 16358