Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities

Release date: 2003-08-07
Updated: 2003-08-14

Affected systems:
BEA Systems WebLogic Express 7.0 SP3
BEA Systems WebLogic Express 7.0 SP2
BEA Systems WebLogic Express 7.0 SP1
BEA Systems WebLogic Express 7.0
BEA Systems WebLogic Express 5.1 SP9
BEA Systems WebLogic Express 5.1 SP8
BEA Systems WebLogic Express 5.1 SP7
BEA Systems WebLogic Express 5.1 SP6
BEA Systems WebLogic Express 5.1 SP5
BEA Systems WebLogic Express 5.1 SP4
BEA Systems WebLogic Express 5.1 SP3
BEA Systems WebLogic Express 5.1 SP2
BEA Systems WebLogic Express 5.1 SP13
BEA Systems WebLogic Express 5.1 SP12
BEA Systems WebLogic Express 5.1 SP11
BEA Systems WebLogic Express 5.1 SP10
BEA Systems WebLogic Express 5.1 SP1
BEA Systems Weblogic Server 7.0 SP3
BEA Systems Weblogic Server 7.0 SP2
BEA Systems Weblogic Server 7.0 SP1
BEA Systems Weblogic Server 7.0
BEA Systems Weblogic Server 5.1 SP9
BEA Systems Weblogic Server 5.1 SP8
BEA Systems Weblogic Server 5.1 SP7
BEA Systems Weblogic Server 5.1 SP6
BEA Systems Weblogic Server 5.1 SP5
BEA Systems Weblogic Server 5.1 SP4
BEA Systems Weblogic Server 5.1 SP3
BEA Systems Weblogic Server 5.1 SP2
BEA Systems Weblogic Server 5.1 SP13
BEA Systems Weblogic Server 5.1 SP12
BEA Systems Weblogic Server 5.1 SP11
BEA Systems Weblogic Server 5.1 SP10
BEA Systems Weblogic Server 5.1 SP1
BEA Systems Weblogic Server 5.1
BEA Systems WebLogic Express for Win32 7.0 SP3
BEA Systems WebLogic Express for Win32 7.0 SP2
BEA Systems WebLogic Express for Win32 7.0 SP1
BEA Systems WebLogic Express for Win32 7.0
BEA Systems WebLogic Express for Win32 5.1 SP 9
BEA Systems WebLogic Express for Win32 5.1 SP 8
BEA Systems WebLogic Express for Win32 5.1 SP 7
BEA Systems WebLogic Express for Win32 5.1 SP 6
BEA Systems WebLogic Express for Win32 5.1 SP 5
BEA Systems WebLogic Express for Win32 5.1 SP 4
BEA Systems WebLogic Express for Win32 5.1 SP 3
BEA Systems WebLogic Express for Win32 5.1 SP 2
BEA Systems WebLogic Express for Win32 5.1 SP 13
BEA Systems WebLogic Express for Win32 5.1 SP 12
BEA Systems WebLogic Express for Win32 5.1 SP 11
BEA Systems WebLogic Express for Win32 5.1 SP 10
BEA Systems WebLogic Express for Win32 5.1 SP 1
BEA Systems Integration 7.0 SP1
BEA Systems Integration 7.0
BEA Systems Integration 2.1
BEA Systems WebLogic Server for Win32 7.0 SP3
BEA Systems WebLogic Server for Win32 7.0 SP2
BEA Systems WebLogic Server for Win32 7.0 SP1
BEA Systems WebLogic Server for Win32 7.0
BEA Systems WebLogic Server for Win32 5.1 SP9
BEA Systems WebLogic Server for Win32 5.1 SP8
BEA Systems WebLogic Server for Win32 5.1 SP7
BEA Systems WebLogic Server for Win32 5.1 SP6
BEA Systems WebLogic Server for Win32 5.1 SP5
BEA Systems WebLogic Server for Win32 5.1 SP4
BEA Systems WebLogic Server for Win32 5.1 SP3
BEA Systems WebLogic Server for Win32 5.1 SP2
BEA Systems WebLogic Server for Win32 5.1 SP13
BEA Systems WebLogic Server for Win32 5.1 SP12
BEA Systems WebLogic Server for Win32 5.1 SP11
BEA Systems WebLogic Server for Win32 5.1 SP10
BEA Systems WebLogic Server for Win32 5.1 SP1
BEA Systems WebLogic Server for Win32 5.1
BEA Systems Liquid Data 1.1
BEA Systems WebLogic Express 5.1
    - HP HP-UX 11i
    - HP HP-UX 11.0
    - IBM AIX 4.3.3
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 2000 Professional SP2
    - Microsoft Windows 2000 Professional SP1
    - Microsoft Windows 2000 Professional
    - Microsoft Windows 2000 Datacenter Server SP2
    - Microsoft Windows 2000 Datacenter Server SP1
    - Microsoft Windows 2000 Datacenter Server
    - Microsoft Windows 2000 Advanced Server SP2
    - Microsoft Windows 2000 Advanced Server SP1
    - Microsoft Windows 2000 Advanced Server
    - RedHat Linux 7.1
    - RedHat Linux 6.2
    - Sun Solaris 8.0
    - Sun Solaris 7.0
    - Sun Solaris 2.6
BEA Systems WebLogic Express for Win32 5.1
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 2000 Professional SP2
    - Microsoft Windows 2000 Professional SP1
    - Microsoft Windows 2000 Professional
    - Microsoft Windows 2000 Datacenter Server SP2
    - Microsoft Windows 2000 Datacenter Server SP1
    - Microsoft Windows 2000 Datacenter Server
    - Microsoft Windows 2000 Advanced Server SP2
    - Microsoft Windows 2000 Advanced Server SP1
    - Microsoft Windows 2000 Advanced Server
Description:
BUGTRAQ ID: 8357
CVE(CAN) ID: CVE-2003-0733

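BEA Systems WebLogic comprises a range of application and system integration solutions, including Server, Express, Integration, and Liquid Data.

Multiple BEA Systems products contain cross-site scripting issues. A remote attacker can exploit this vulnerability to obtain cookie-based authentication information or carry out other attacks.

The affected systems contain two types of XSS vulnerability:

1. The issue is in the Servlet container and can arise when the browser sends a forward instruction. A static URL such as "http://www.bea.com" cannot be exploited; cross-site scripting is triggered only when a dynamic URL like the following is requested:

"http://www.bea.com?username=" + request.getParameter("user")

Any application that supports dynamically generated URLs during forwarding contains this vulnerability.

2. The WebLogic Server console application contains a series of vulnerabilities. These vulnerabilities threaten only users with administrative privileges (such as "Admin", "Monitor", "Deployer", and "Operator"). A privileged user can be tricked into clicking a URL, leading to disclosure of sensitive information or other vulnerabilities.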
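
The dynamic URL pattern from type 1, shown beside a hardened form, as an added example that is not part of the original advisory or BEA's patch. The class and method names and the sample "user" value are hypothetical; only the URL prefix comes from the advisory.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class RedirectUrlDemo {
    static final String BASE = "http://www.bea.com?username="; // URL prefix from the advisory

    // Pattern from the advisory: the raw parameter is concatenated into the URL.
    static String unsafeUrl(String user) {
        return BASE + user;
    }

    // Hardened form: percent-encode the value so markup characters never reach the URL.
    static String encodedUrl(String user) throws UnsupportedEncodingException {
        return BASE + URLEncoder.encode(user == null ? "" : user, "UTF-8");
    }

    // HTML-escape for any place the URL is echoed into a response body.
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // True if the string still carries characters that can break out of an HTML attribute or tag.
    static boolean hasMarkupChars(String s) {
        return s.matches(".*[<>\"'].*");
    }

    public static void main(String[] args) throws Exception {
        String user = "alice\"><i>x</i>"; // constructed sample value for the "user" parameter
        String bad = unsafeUrl(user);
        String good = encodedUrl(user);
        System.out.println("unsafe : " + bad + "  markup=" + hasMarkupChars(bad));
        System.out.println("encoded: " + good + "  markup=" + hasMarkupChars(good));
        System.out.println("escaped: " + htmlEscape(bad));
    }
}
```

In a servlet, the value returned by `encodedUrl` is what would be passed to `response.sendRedirect`; applying the vendor patch listed below is still required, since the encoding only covers the application's own URLs.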

<*Source: BEA SECURITY ADVISORY
  
  Link: http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
*>

Recommendation:
Vendor patch:

BEA Systems
-----------
The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:

BEA Systems WebLogic Integration 2.1:

BEA Systems Patch tempPatchCR105536_WLI21SP2.zip
ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR105536_WLI21SP2.zip
WebLogic Integration 2.1 patch requires prerequisite patches for WebLogic 6.1 SP 2 or SP 3.

BEA Systems WebLogic Express 5.1 SP 13:

BEA Systems Patch CR105007_510sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.

BEA Systems Weblogic Server 5.1 SP 13:

BEA Systems Patch CR105007_510sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.

BEA Systems WebLogic Express for Win32 5.1 SP 13:

BEA Systems Patch CR105007_510sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.

BEA Systems WebLogic Server for Win32 5.1 SP 13:

BEA Systems Patch CR105007_510sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
Requires WebLogic 5.1 SP 13.

BEA Systems Weblogic Server 7.0 SP 3:

BEA Systems Patch CR105443_70sp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.

BEA Systems WebLogic Express 7.0 SP 3:

BEA Systems Patch CR105443_70sp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.

BEA Systems WebLogic Express for Win32 7.0 SP 3:

BEA Systems Patch CR105443_70sp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.

BEA Systems WebLogic Server for Win32 7.0 SP 3:

BEA Systems Patch CR105443_70sp3.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
Requires WebLogic 7.0 SP 3.

BEA Systems WebLogic Server for Win32 7.0 SP 2:

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.

BEA Systems WebLogic Express for Win32 7.0 SP 2:

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.

BEA Systems WebLogic Express 7.0 SP 2:

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.

BEA Systems Weblogic Server 7.0 SP 2:

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.

BEA Systems Patch CR105443_70sp2-v2.jar
ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
Prerequisite patch for WebLogic 7.0 SP 2.

BEA Systems WebLogic Integration 7.0:

BEA Systems Patch tempPatchCR103371_WLI70SP2.zip
ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR103371_WLI70SP2.zip
WebLogic Integration 7.0 patch requires the prerequisite patch for WebLogic 7.0 SP 2.

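This security advisory was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.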