首页 -> 安全研究
安全研究
安全漏洞
BEA WebLogic Server/Express未授权访问控制台漏洞
发布日期:2003-07-08
更新日期:2003-07-15
受影响系统:
BEA Systems WebLogic Express 8.1描述:
BEA Systems WebLogic Express 7.0.0.1 SP2
BEA Systems WebLogic Express 7.0.0.1 SP1
BEA Systems WebLogic Express 7.0.0.1
BEA Systems WebLogic Express 7.0 SP2
BEA Systems WebLogic Express 7.0 SP1
BEA Systems WebLogic Express 7.0
BEA Systems WebLogic Express 6.1 SP5
BEA Systems WebLogic Express 6.1 SP5
BEA Systems WebLogic Express 6.1 SP4
BEA Systems WebLogic Express 6.1 SP4
BEA Systems WebLogic Express 6.1 SP3
BEA Systems WebLogic Express 6.1 SP3
BEA Systems WebLogic Express 6.1 SP2
BEA Systems WebLogic Express 6.1 SP2
BEA Systems WebLogic Express 6.1 SP1
BEA Systems WebLogic Express 6.1 SP1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0.0.1 SP2
BEA Systems Weblogic Server 7.0.0.1 SP1
BEA Systems Weblogic Server 7.0.0.1
BEA Systems Weblogic Server 7.0 SP2
BEA Systems Weblogic Server 7.0 SP1
BEA Systems Weblogic Server 7.0
BEA Systems Weblogic Server 6.1 SP5
BEA Systems Weblogic Server 6.1 SP4
BEA Systems Weblogic Server 6.1 SP3
BEA Systems Weblogic Server 6.1 SP2
BEA Systems Weblogic Server 6.1 SP1
BEA Systems WebLogic Express for Win32 7.0.0.1 SP2
BEA Systems WebLogic Express for Win32 7.0.0.1 SP1
BEA Systems WebLogic Express for Win32 7.0.0.1
BEA Systems WebLogic Express for Win32 7.0 SP2
BEA Systems WebLogic Express for Win32 7.0 SP1
BEA Systems WebLogic Express for Win32 7.0
BEA Systems WebLogic Express for Win32 6.1 SP5
BEA Systems WebLogic Express for Win32 6.1 SP4
BEA Systems WebLogic Express for Win32 6.1 SP3
BEA Systems WebLogic Express for Win32 6.1 SP2
BEA Systems WebLogic Express for Win32 6.1 SP1
BEA Systems WebLogic Server for Win32 7.0.0.1 SP2
BEA Systems WebLogic Server for Win32 7.0.0.1 SP1
BEA Systems WebLogic Server for Win32 7.0.0.1
BEA Systems WebLogic Server for Win32 7.0 SP2
BEA Systems WebLogic Server for Win32 7.0 SP1
BEA Systems WebLogic Server for Win32 7.0
BEA Systems WebLogic Server for Win32 6.1 SP5
BEA Systems WebLogic Server for Win32 6.1 SP4
BEA Systems WebLogic Server for Win32 6.1 SP3
BEA Systems WebLogic Server for Win32 6.1 SP2
BEA Systems WebLogic Server for Win32 6.1 SP1
BEA Systems WebLogic Express 6.1
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
BEA Systems Weblogic Server 6.1
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- RedHat Linux 6.2
- RedHat Linux 6.1
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
BEA Systems WebLogic Express for Win32 6.1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
BEA Systems WebLogic Server for Win32 6.1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
BUGTRAQ ID: 7124
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。
WebLogic Server和Express的控制台访问存在安全问题,远程攻击者可以利用这个漏洞未授权访问控制台。
当防火墙,连接过滤器或者其他机制用于限制对控制台和MSI(managed server independence)的使用时存在安全问题。在部分环境条件下,攻击者通过MSI服务器监听的端口访问控制台。一般情况下,此问题只影响单个MSI的服务器配置,但是如果被MSI服务器与管理员服务器在同一机器上或者通过网络共享config.xml文件,就可能影响整个域。
<*来源:BEA SECURITY ADVISORY
链接:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-34.jsp
*>
建议:
厂商补丁:
BEA Systems
-----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
WebLogic Server和Express 7.0、7.0.0.1:
采用Service Pack 2并按照下面ZIP文件中包含的指示进行补丁安装:
ftp://ftpna.beasys.com/pub/releases/security/CR105624_70sp2.jar
当Service Pack 3可以下载时,可直接使用SP3来代替Service Pack 2及此补丁。
浏览次数:8446
严重程度:0(网友投票)
绿盟科技给您安全的保障