首页 -> 安全研究
安全研究
安全漏洞
BEA Systems WebLogic Express竞争条件远程拒绝服务漏洞
发布日期:2002-07-04
更新日期:2002-07-15
受影响系统:
BEA Systems WebLogic Express for Win32 5.1 SP 10描述:
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 11
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 12
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 4
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 6
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 7
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 8
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BEA Systems WebLogic Express for Win32 5.1 SP 9
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000
BUGTRAQ ID: 5159
CVE(CAN) ID: CVE-2002-1030
BEA Systems WebLogic Server是一款企业级别的WEB和无线应用服务程序,BEA WebLogic Express是为WEB和无线应用程序的动态数据进行服务的平台,可使用在多种Linux/Unix操作系统中,也可以使用在Windows操作系统下。
BEA WebLogic Express代码中存在竞争条件漏洞,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
如果BEA WebLogic Express中的性能捆绑(performance pack)功能开启的情况下,攻击者可以提交大量的数据连接,可导致由于NTDLL.DLL产生错误而使服务崩溃,停止对正常通信的响应。
<*来源:zillion (zillion@snosoft.com)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0040.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 使用如下方法关闭性能捆束(performance pack)功能:
1,启动Weblogic Server控制台。
2,在导行树中打开Servers文件夹。
3,在Servers文件夹中选择你的服务器。
4,选择Configuration标签。
5,选择Tuning标签。
6,如果"Native IO Enabled"被选中,请撤消选中。
7,点击Apply。
8,重启动你的服务器。
厂商补丁:
BEA Systems
-----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Bea Systems WebLogic Server for Win32 5.1 SP 9:
Bea Systems WebLogic Express for Win32 5.1 SP 9:
Bea Systems WebLogic Express for Win32 5.1 SP 8:
Bea Systems WebLogic Server for Win32 5.1 SP 8:
Bea Systems WebLogic Server for Win32 5.1 SP 7:
Bea Systems WebLogic Express for Win32 5.1 SP 7:
Bea Systems WebLogic Express for Win32 5.1 SP 6:
Bea Systems WebLogic Server for Win32 5.1 SP 6:
Bea Systems WebLogic Server for Win32 5.1 SP 5:
Bea Systems WebLogic Express for Win32 5.1 SP 5:
Bea Systems WebLogic Express for Win32 5.1 SP 4:
Bea Systems WebLogic Server for Win32 5.1 SP 4:
Bea Systems WebLogic Server for Win32 5.1 SP 3:
Bea Systems WebLogic Express for Win32 5.1 SP 3:
Bea Systems WebLogic Express for Win32 5.1 SP 2:
Bea Systems WebLogic Server for Win32 5.1 SP 2:
Bea Systems WebLogic Express for Win32 5.1 SP 12:
BEA Systems Patch CR080901_510sp12.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_510sp12.zip
Bea Systems WebLogic Server for Win32 5.1 SP 12:
BEA Systems Patch CR080901_510sp12.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_510sp12.zip
Bea Systems WebLogic Server for Win32 5.1 SP 11:
Bea Systems WebLogic Express for Win32 5.1 SP 11:
Bea Systems WebLogic Express for Win32 5.1 SP 10:
Bea Systems WebLogic Server for Win32 5.1 SP 10:
Bea Systems WebLogic Express for Win32 5.1 SP 1:
Bea Systems WebLogic Server for Win32 5.1 SP 1:
Bea Systems WebLogic Server for Win32 5.1:
Bea Systems WebLogic Express for Win32 5.1:
Bea Systems WebLogic Server for Win32 6.0 SP 2:
BEA Systems Patch CR080901_60sp2rp3.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_60sp2rp3.zip
Must have rolling patch 3 installed.
Bea Systems WebLogic Express for Win32 6.0 SP 2:
BEA Systems Patch CR080901_60sp2rp3.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_60sp2rp3.zip
Must have rolling patch 3 installed.
Bea Systems WebLogic Express for Win32 6.0 SP 1:
Bea Systems WebLogic Server for Win32 6.0 SP 1:
Bea Systems WebLogic Server for Win32 6.0:
Bea Systems WebLogic Express for Win32 6.0:
Bea Systems WebLogic Server for Win32 6.1 SP 3:
BEA Systems Patch CR080901_61sp3.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_61sp3.zip
Bea Systems WebLogic Express for Win32 6.1 SP 3:
BEA Systems Patch CR080901_61sp3.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_61sp3.zip
Bea Systems WebLogic Server for Win32 6.1 SP 2:
Bea Systems WebLogic Express for Win32 6.1 SP 2:
Bea Systems WebLogic Express for Win32 6.1 SP 1:
Bea Systems WebLogic Server for Win32 6.1 SP 1:
Bea Systems WebLogic Server for Win32 6.1:
Bea Systems WebLogic Express for Win32 6.1:
Bea Systems WebLogic Express for Win32 7.0:
BEA Systems Patch CR080901_70.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_70.zip
Bea Systems WebLogic Server for Win32 7.0:
BEA Systems Patch CR080901_70.zip
ftp://ftpna.bea.com/pub/releases/security/CR080901_70.zip
浏览次数:3206
严重程度:0(网友投票)
绿盟科技给您安全的保障