BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Weblogic_server | Bea | 7.0 (including) | 7.0 (including) |
| Weblogic_server | Bea | 7.0-sp1 (including) | 7.0-sp1 (including) |
| Weblogic_server | Bea | 7.0-sp2 (including) | 7.0-sp2 (including) |
| Weblogic_server | Bea | 7.0-sp3 (including) | 7.0-sp3 (including) |
| Weblogic_server | Bea | 7.0-sp4 (including) | 7.0-sp4 (including) |
| Weblogic_server | Bea | 7.0.0.1 (including) | 7.0.0.1 (including) |
| Weblogic_server | Bea | 7.0.0.1-sp1 (including) | 7.0.0.1-sp1 (including) |
| Weblogic_server | Bea | 7.0.0.1-sp2 (including) | 7.0.0.1-sp2 (including) |
| Weblogic_server | Bea | 7.0.0.1-sp3 (including) | 7.0.0.1-sp3 (including) |
| Weblogic_server | Bea | 7.0.0.1-sp4 (including) | 7.0.0.1-sp4 (including) |
| Weblogic_server | Bea | 8.1 (including) | 8.1 (including) |
| Weblogic_server | Bea | 8.1-sp1 (including) | 8.1-sp1 (including) |
| Weblogic_server | Bea | 8.1-sp2 (including) | 8.1-sp2 (including) |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865