SecurityTracker.com
Category:  Application (Web Server/CGI)  >  WebLogic
Vendors:  BEA Systems
BEA Systems WebLogic Server and Express May Return a Response to the Wrong Remote User
SecurityTracker Alert ID:  1005310
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 28 2002
Impact:  User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): WebLogic Server and Express 6.1, 6.1 SP1, 7.0 and 7.0.0.1.
Description:  An information disclosure vulnerability was reported in BEA Systems WebLogic application server. A remote user may receive an HTTP response intended for a different remote user.

BEA reports that the WebLogic Server and Express are designed to buffer response data to improve performance. However, a defect in the buffer mechanism may return buffered information to the wrong remote user in response to a different request from that remote user.

According to the report, this defect occurs rarely. Also, it occurs randomly and apparently cannot be prompted by a user.

Impact:  A remote user may view information intended for a different user.

[Editor's note: Although the report does not explicitly indicate so, it may be possible that a remote user could receive an authentication cookie or authentication information intended for a different user, potentially granting access to the wrong user.]

Solution:  The vendor has released WebLogic Server 7.0 Service Pack 1 and WebLogic Server 6.1, Service Pack 3 to correct the problem.

Service Packs and related information are available at:

http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesno
Cause:  Access control error, Resource error
Underlying OS:  Linux (Red Hat), Linux (SuSE), OpenVMS, UNIX (AIX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Sat, 28 Sep 2002 00:47:40 -0400
Subject:  BEA02-20.00

 

http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2FAdvisories_BEA02-20.htm

BEA Systems released a security advisory (BEA02-20.00) warning of a vulnerability in certain versions of BEA WebLogic Server and Express: BEA WebLogic Server and Express 6.1, 6.1 SP1, 7.0 and 7.0.0.1.

BEA reports that HTTP response data may be shared among two users. This is due to a defect in a WebLogic Server buffer (response data is buffered for better performance, according to the report). BEA indicates that the inadvertent sharing of buffer data occurs only rarely and is a random event -- it apparently cannot be prompted by a user.

BEA has released WebLogic Server 7.0 Service Pack 1 and WebLogic Server 6.1, Service Pack 3 to correct the problem. Service Packs and related information are available at: http://commerce.beasys.com/downloads/weblogic_server.jsp#wls

Severity: Moderate
Threat Level: Low



Copyright 2002, SecurityGlobal.net LLC