CVE-2003-0733
CVSS6.8
发布时间 :2003-10-20 00:00:00
修订时间 :2008-09-05 16:35:06
NMCOS    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.


[CNNVD]Bea WebLogic/Liquid Data多个跨站脚本执行漏洞(CNNVD-200310-062)

        
        BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration和Liquid Data等。
        BEA Systems多个产品包含跨站脚本执行问题,远程攻击者可以利用这个漏洞获得用于基于验证的COOKIE信息或进行其他攻击。
        上述系统存在两个类型的XSS漏洞:
        1、问题存在于Servlet container中,当浏览器发送转发指令时可产生此漏洞,静态URL如" http://www.bea.com "不能被利用,只要当一些类似如下的动态URL请求时会触发跨站脚本执行问题:
        "http://www.bea.com?username=" + request.getParameter("user")
        任意应用程序在转发过程汇总支持动态生成URL会包含此漏洞。
        2、WebLogic Server控制台应用程序存在一系列漏洞。这些漏洞就针对一些拥有管理员权限的用户有威胁(如"Admin", "Monitor", "Deployer",和"Operator")。特权用户可以被诱骗点击URL而导致泄露敏感信息或者其他漏洞。
        

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:bea:liquid_data:1.1BEA Systems Liquid Data 1.1
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_integration:2.0BEA Systems WebLogic Integration 2.0
cpe:/a:bea:weblogic_server:5.1BEA Systems WebLogic Server 5.1
cpe:/a:bea:weblogic_integration:7.0BEA Systems WebLogic Integration 7.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0733
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0733
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200310-062
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/8357
(VENDOR_ADVISORY)  BID  8357
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
(UNKNOWN)  CONFIRM  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp

- 漏洞信息

Bea WebLogic/Liquid Data多个跨站脚本执行漏洞
中危 输入验证
2003-10-20 00:00:00 2005-10-20 00:00:00
远程  
        
        BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration和Liquid Data等。
        BEA Systems多个产品包含跨站脚本执行问题,远程攻击者可以利用这个漏洞获得用于基于验证的COOKIE信息或进行其他攻击。
        上述系统存在两个类型的XSS漏洞:
        1、问题存在于Servlet container中,当浏览器发送转发指令时可产生此漏洞,静态URL如" http://www.bea.com "不能被利用,只要当一些类似如下的动态URL请求时会触发跨站脚本执行问题:
        "http://www.bea.com?username=" + request.getParameter("user")
        任意应用程序在转发过程汇总支持动态生成URL会包含此漏洞。
        2、WebLogic Server控制台应用程序存在一系列漏洞。这些漏洞就针对一些拥有管理员权限的用户有威胁(如"Admin", "Monitor", "Deployer",和"Operator")。特权用户可以被诱骗点击URL而导致泄露敏感信息或者其他漏洞。
        

- 公告与补丁

        厂商补丁:
        BEA Systems
        -----------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        BEA Systems WebLogic Integration 2.1:
        BEA Systems Patch tempPatchCR105536_WLI21SP2.zip
        ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR105536_WLI21SP2.zip
        WebLogic Integration 2.1 patch requires prerequisite patches for WebLogic 6.1 SP 2 or SP 3.
        BEA Systems WebLogic Express 5.1 SP 13:
        BEA Systems Patch CR105007_510sp13.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
        Requires WebLogic 5.1 SP 13.
        BEA Systems Weblogic Server 5.1 SP 13:
        BEA Systems Patch CR105007_510sp13.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
        Requires WebLogic 5.1 SP 13.
        BEA Systems WebLogic Express for Win32 5.1 SP 13:
        BEA Systems Patch CR105007_510sp13.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
        Requires WebLogic 5.1 SP 13.
        BEA Systems WebLogic Server for Win32 5.1 SP 13:
        BEA Systems Patch CR105007_510sp13.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar
        Requires WebLogic 5.1 SP 13.
        BEA Systems Weblogic Server 7.0 SP 3:
        BEA Systems Patch CR105443_70sp3.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
        Requires WebLogic 7.0 SP 3.
        BEA Systems WebLogic Express 7.0 SP 3:
        BEA Systems Patch CR105443_70sp3.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
        Requires WebLogic 7.0 SP 3.
        BEA Systems WebLogic Express for Win32 7.0 SP 3:
        BEA Systems Patch CR105443_70sp3.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
        Requires WebLogic 7.0 SP 3.
        BEA Systems WebLogic Server for Win32 7.0 SP 3:
        BEA Systems Patch CR105443_70sp3.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar
        Requires WebLogic 7.0 SP 3.
        BEA Systems WebLogic Server for Win32 7.0 SP 2:
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite patch for WebLogic 7.0 SP 2.
        BEA Systems WebLogic Express for Win32 7.0 SP 2:
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite patch for WebLogic 7.0 SP 2.
        BEA Systems WebLogic Express 7.0 SP 2:
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite patch for WebLogic 7.0 SP 2.
        BEA Systems Weblogic Server 7.0 SP 2:
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite for installing Liquid Data Rolling Patch 4 on BEA WebLogic 7.0 SP 2.
        BEA Systems Patch CR105443_70sp2-v2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar
        Prerequisite patch for WebLogic 7.0 SP 2.
        BEA Systems WebLogic Integration 7.0:
        BEA Systems Patch tempPatchCR103371_WLI70SP2.zip
        ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR103371_WLI70SP2.zip
        WebLogic Integration 7.0 patch requires the prerequisite patch for WebLogic 7.0 SP 2.

- 漏洞信息

2125
BEA WebLogic/Liquid Data XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- 漏洞描述

WebLogic Server, WebLogic Express, WebLogic Integration and WebLogic Liquid Data allow remote users to conduct Cross Site Scripting (XSS) attacks in sample and possibly custom applications. An attacker could exploit this vulnerability to steal the administrator's cookie-based authentication credentials, obtain other sensitive information, or perform actions as the administrator.

- 时间线

2003-08-07 Unknow
Unknow Unknow

- 解决方案

BEA strongly suggests that customers apply the remedies recommended in all our security advisories. BEA also urges customers to apply every Service Pack as they are released. Service Packs include a roll-up of all bug fixes for each version of the product, as well as each of the prior Service Packs. For WebLogic Integration 7.0 Apply the WebLogic Server patch to WebLogic Server 7.0 SP2 ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar and apply the WebLogic Integration patch to WebLogic Integration 7.0 SP2 ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR103371_WLI70SP2.zip When Service Pack 4 is available for WebLogic Integration and WebLogic Server, you can use that Service Pack instead of Service Pack 2 and these patches. For WebLogic Integration 2.1 running on WebLogic Server 6.1 Service Pack 3 Apply the WebLogic Server patch to WebLogic Server 6.1 SP3 ftp://ftpna.beasys.com/pub/releases/security/CR105443_610sp3.jar and apply the WebLogic Integration patch to WebLogic Integration 2.1 ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR105536_WLI21SP2.zip For WebLogic Integration 2.1 running on WebLogic Server 6.1 Service Pack 2 Apply the WebLogic Server patch to WebLogic Server 6.1 SP2 ftp://ftpna.beasys.com/pub/releases/security/CR105443_610sp2.jar and apply the WebLogic Integration patch to WebLogic Integration 2.1 ftp://ftpna.beasys.com/pub/releases/security/tempPatchCR105536_WLI21SP2.zip For Liquid Data 1.1 Apply the WebLogic Server patch to WebLogic Server 7.0 SP2 ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp2-v2.jar and upgrade to Liquid Data Rolling Patch 4. For WebLogic Server 7.0 Upgrade to Service Pack 3 and apply the patch ftp://ftpna.beasys.com/pub/releases/security/CR105443_70sp3.jar When Service Pack 4 is available, you can use that Service Pack instead of Service Pack 3 and this patch. For WebLogic Server 6.1 Upgrade to Service Pack 5 and apply the patch ftp://ftpna.beasys.com/pub/releases/security/CR105443_610sp5.jar When Service Pack 6 is available, you can use that Service Pack instead of Service Pack 5 and this patch. For WebLogic Server 5.1 Upgrade to Service Pack 13 and apply the patch ftp://ftpna.beasys.com/pub/releases/security/CR105007_510sp13.jar

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities
Input Validation Error 8357
Yes No
2003-08-07 12:00:00 2009-07-11 10:56:00
These issues were reported by the vendor.

- 受影响的程序版本

BEA Systems WebLogic Server for Win32 7.0 SP 3
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 1
BEA Systems WebLogic Server for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 9
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 8
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 7
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 6
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 5
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 4
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 13
BEA Systems WebLogic Server for Win32 5.1 SP 12
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 11
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 5.1 SP 10
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1

- 漏洞讨论

BEA Systems has reported multiple cross-site scripting vulnerabilities in BEA WebLogic Express/Server, WebLogic Integration and Liquid Data. These issues can be exploited by enticing a legitimate user into following a malicious link to a vulnerable site. HTML and script code included in such a link may be rendered in the web browser of the victim user.

Exploitation could allow for theft of cookie-based authentication credentials or other attacks.

- 漏洞利用

There is no exploit required.

- 解决方案

BEA Systems has released patches for these issues. Please see the attached BEA advisory for detailed instructions on how to obtain or apply patches.

Please contact the vendor for details on obtaining Liquid Data Rolling Patch 4, which fixes Liquid Data 1.1 and has certain prerequisites before installing.

BEA Systems has released the following fixes:


BEA Systems WebLogic Integration 2.1

BEA Systems Weblogic Server 5.1 SP 13

BEA Systems WebLogic Express 5.1 SP 13

BEA Systems WebLogic Server for Win32 5.1 SP 13

BEA Systems WebLogic Express for Win32 5.1 SP 13

BEA Systems WebLogic Express 7.0 SP 2

BEA Systems Weblogic Server 7.0 SP 3

BEA Systems Weblogic Server 7.0 SP 2

BEA Systems WebLogic Express 7.0 SP 3

BEA Systems WebLogic Express for Win32 7.0 SP 2

BEA Systems WebLogic Server for Win32 7.0 SP 2

BEA Systems WebLogic Integration 7.0

BEA Systems WebLogic Server for Win32 7.0 SP 3

BEA Systems WebLogic Express for Win32 7.0 SP 3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站