首页 -> 安全研究
安全研究
安全漏洞
Bea Systems WebLogic Xerces XML解析器远程拒绝服务漏洞
发布日期:2002-12-14
更新日期:2002-12-20
受影响系统:
BEA Systems WebLogic Express 7.0.0.1描述:
BEA Systems WebLogic Express 7.0 SP1
BEA Systems WebLogic Express 7.0
BEA Systems WebLogic Express 6.1 SP3
BEA Systems WebLogic Express 6.1 SP2
BEA Systems WebLogic Express 6.1 SP1
BEA Systems WebLogic Express 6.1
BEA Systems WebLogic Express 6.0 SP2
BEA Systems WebLogic Express 6.0 SP1
BEA Systems Weblogic Server 7.0.0.1
BEA Systems Weblogic Server 7.0 SP1
BEA Systems Weblogic Server 7.0
BEA Systems Weblogic Server 6.1 SP3
BEA Systems Weblogic Server 6.1 SP2
BEA Systems Weblogic Server 6.1 SP1
BEA Systems Weblogic Server 6.1
BEA Systems WebLogic Integration 7.0 SP1
BEA Systems WebLogic Integration 7.0
BEA Systems WebLogic Express 6.0
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- RedHat Linux 7.1
- RedHat Linux 6.2
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
BEA Systems Weblogic Server 6.0
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- IBM AIX 4.2
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- RedHat Linux 5.1
- Sun Solaris 8.0
BUGTRAQ ID: 6378
BEA Systems WebLogic Server是一款企业级别WEB和无线应用服务程序,可使用在Windows和大多数Unix,Linux操作系统上。
Xerces parser用于解析包含文档类型定义的XML文档时存在问题,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。
当Xerces解析器用于解析包含文档类型定义(Document Type Definitions (DTDs))的XML文档时会触发此漏洞。
WebLogic Integration由于允许用户指定DTDs,所以当处理XML文档时可导致问题发生。
下列版本的WebLogic Integration受此漏洞影响:
Version: BEA WebLogic Integration 2.1和7.0.
下列版本的BEA WebLogic Server和Express releases也受此漏洞影响:
BEA WebLogic Server and Express 6.0, 6.1, 7.0和7.0.0.1.
<*来源:BEA Systems Inc security advisory
链接:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=c
*>
建议:
厂商补丁:
BEA Systems
-----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
BEA Systems WebLogic Integration 2.1:
BEA Systems Patch CR091862_610sp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp3.jar
这个补丁需要受此漏洞影响的用户升级到BEA WebLogic Server 6.1 Service Pack 3之后安装此补丁。
BEA Systems Weblogic Server 6.0 SP 2:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems WebLogic Express 6.0 SP 2:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems Weblogic Server 6.0 SP 1:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems WebLogic Express 6.0 SP 1:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems Weblogic Server 6.0:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems WebLogic Express 6.0:
BEA Systems Patch CR091862_600sp2rp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_600sp2rp3.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.0 Service Pack 2 Rolling Patch 3之后安装此补丁。
BEA Systems WebLogic Express 6.1 SP 3:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems Weblogic Server 6.1 SP 3:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems Weblogic Server 6.1 SP 2:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems WebLogic Express 6.1 SP 2:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems WebLogic Express 6.1 SP 1:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems Weblogic Server 6.1 SP 1:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems Weblogic Server 6.1:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems WebLogic Express 6.1:
BEA Systems Upgrade CR091862_610sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_610sp4.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 6.1 Service Pack 4之后安装此补丁。
BEA Systems WebLogic Express 7.0 .0.1:
BEA Systems Weblogic Server 7.0 .0.1:
BEA Systems Patch CR091862_700sp1.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_700sp1.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 7.0 Service Pack 1之后安装此补丁。
BEA Systems Weblogic Server 7.0 SP 1:
BEA Systems Patch CR091862_700sp1.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_700sp1.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 7.0 Service Pack 1之后安装此补丁。
BEA Systems WebLogic Express 7.0 SP 1:
BEA Systems WebLogic Integration 7.0:
BEA Systems Patch CR091862_700sp1.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_700sp1.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 7.0 Service Pack 1之后安装此补丁。
BEA Systems Weblogic Server 7.0:
BEA Systems Patch CR091862_700sp1.jar
ftp://ftpna.beasys.com/pub/releases/security/CR091862_700sp1.jar
这个补丁需要受此漏洞影响的用户升级到WebLogic Server 7.0 Service Pack 1之后安装此补丁。
浏览次数:3536
严重程度:0(网友投票)
绿盟科技给您安全的保障