Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11171
HistoryJan 24, 2006 - 12:00 a.m.

[SA18593] BEA WebLogic Portal Information Disclosure and Security Bypass

2006-01-2400:00:00
vulners.com
7

TITLE:
BEA WebLogic Portal Information Disclosure and Security Bypass

SECUNIA ADVISORY ID:
SA18593

VERIFY ADVISORY:
http://secunia.com/advisories/18593/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of system information, Exposure of
sensitive information

WHERE:
>From remote

SOFTWARE:
BEA WebLogic Portal 8.x
http://secunia.com/product/5149/

DESCRIPTION:
Two security issues and a vulnerability have been reported in
WebLogic Portal, which potentially can be exploited by malicious
people to disclose sensitive information and bypass certain security
restrictions.

1) Database passwords are stored in clear-text in the "config.xml"
file and may expose the database password for the RDBMS
Authentication provider to malicious users.

Successful exploitation requires that the site has configured the
RDBMS Authentication provider.

The security issue affects the following versions:

  • WebLogic Portal 8.1 through Service Pack 3 (all platforms)

2) The file source of an application's deployment descriptor is not
properly protected and can be disclosed via the web interface.

The security issue affects the following versions:

  • WebLogic Portal 8.1 through Service Pack 4 (all platforms)

3) An input validation error in WSRP (Web Services Remote Portlets)
may be exploited to access certain web resources not intended to be
accessed by requesting specially crafted URLs.

Successful exploitation requires that the site uses WSRP.

The vulnerability affects the following versions:

  • WebLogic Portal 8.1 Service Pack 3, Service Pack 4, and Service
    Pack 5

SOLUTION:
Update to WebLogic Portal 8.1 Service Pack 5 and apply patch:
ftp://ftpna.beasys.com/pub/releases/security/patch_CR229017_81SP5.zip

PROVIDED AND/OR DISCOVERED BY:
1-2) Reported by vendor.
3) The vendor credits EPAM Systems.

ORIGINAL ADVISORY:
1) http://dev2dev.bea.com/pub/advisory/167
2) http://dev2dev.bea.com/pub/advisory/169
3) http://dev2dev.bea.com/pub/advisory/172


About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.