SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  WebLogic Vendors:  BEA Systems
BEA WebLogic Enterprise Input Validation Flaws Let Remote Users Determine File Existence, Deny Service, and Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1008041
CVE Reference:  CAN-2003-0621 ,  CAN-2003-0622 ,  CAN-2003-0623   (Links to External Site)
Updated:  Dec 1 2003
Original Entry Date:  Oct 30 2003
Impact:  Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): WebLogic Enterprise 5.1, 5.0.1, and 4.2
Description:  A vulnerability was reported in the administration console of certain versions of BEA's WebLogic Enterprise. A remote user can determine if certain files exist on the server. A remote user can cause denial of service conditions. A remote user can also conduct cross-site scripting attacks.

It is reported that some of the CGI console application's startup arguments are not properly validated. A remote user can supply specially crafted values to exploit a flaw in the administration console.

It is reported that a user can specify a specially crafted path value to determine if a specified file exists on the target server [CVE: CAN-2003-0621].

It is also reported that a remote user can provide a device name in place of a valid filename to cause another user's login attempt to hang. According to the report, the stability of the server running administration console processes may be affected [CVE: CAN-2003-0622].

Finally, it is reported that a remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser [CVE: CAN-2003-0623]. The code will originate from the site running the vulnerable BEA software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

BEA credits Corsaire Limited with identifying these flaws.
Impact:  A remote user can determine if certain files exist on the server.

A remote user can cause denial of service conditions for subsequent administrator login attempts.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the vulnerable BEA software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:  The vendor has provided a patch for Tuxedo 8.1 (Rolling Patch 62). For other releases, the vendor advises that you should upgrade to Tuxedo 8.1 or Contact BEA Customer Support to request a fix for the specific release that you are using.
Vendor URL:  dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp (Links to External Site)
Cause:  Exception handling error, Input validation error
Underlying OS:  Linux (Red Hat), OS/400, UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents
Date:  Wed, 29 Oct 2003 23:44:04 -0500
Subject:  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp

 

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp

 > SECURITY ADVISORY (BEA03-38.00)

BEA Systems reported a vulnerability in the BEA Tuxedo administration console.

The following versions are affected:

Tuxedo 8.1, Tuxedo 8.0, Tuxedo 7.1, Tuxedo 6.5, Tuxedo 6.4, Tuxedo 6.3, all platforms.
WebLogic Enterprise 5.1, WebLogic Enterprise 5.0.1 and WebLogic Enterprise 4.2, all 
platforms.

It is reported that some of the CGI application's startup arguments are not properly 
validated.  A remote user can supply specially crafted values to exploit a flaw in Tuxedo.

It is reported that a user can specify a specially crafted path value to determine if a 
specified file exists on the target server.

It is also reported that a remote user can provide a device name in place of a valid 
filename to cause another user's login attempt to hang.  According to the report, the 
stability of the server running administration console processes may be affected.

Finally, it is reported that a remote user can submit a specially crafted filename 
containing HTML code as part of a cross-site scripting attack.

BEA credits Corsaire Limited with identifying these flaws.

BEA has provided the following fix information:

For Tuxedo 8.1:

Apply Rolling Patch 62 or later.

For all other releases:

Upgrade to Tuxedo 8.1, or Contact BEA Customer Support to request a fix for the release 
you are using.


 > Threat level: low
 > Severity: medium


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2003, SecurityGlobal.net LLC