BEA WebLogic weblogic.Admin Arbitrary Command Execution

2004-09-13T00:00:00
ID OSVDB:9972
Type osvdb
Reporter BEA Systems
Modified 2004-09-13T00:00:00

Description

Vulnerability Description

WebLogic Server and WebLogic Express contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which discloses system configuration information and allows modification of system configuration, resulting in a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 8.1 SP3 or higher, as it has been reported to fix this vulnerability. Users of 7.0 should upgrade to Service Pack 5 and apply the vendor patch, as it has been reported to fix this vulnerability.

References:

Vendor URL: http://www.bea.com/
Vendor Specific Advisory URL
Secunia Advisory ID: 12524
Related OSVDB ID: 9974
Related OSVDB ID: 9978
Related OSVDB ID: 9973
Related OSVDB ID: 9975
Related OSVDB ID: 9976
Related OSVDB ID: 9977
Keyword: BEA04-66.00