CVE-2004-0711
CVSS 7.5
Published: 2004-07-27 00:00:00
Revised: 2008-09-05 16:39:11

[Original] The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.


[CNNVD] BEA WebLogic Server/Express EJB Illegal URL Pattern Bypass Vulnerability (CNNVD-200407-056)

        
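        BEA Systems WebLogic comprises several application and system integration products, including Server, Express and Integration.
        WebLogic Server and WebLogic Express have a problem in how they handle matching of illegal URI patterns; under certain conditions a remote attacker can exploit this to access sensitive resources.
        In WebLogic Server 6.x, an illegal URL pattern such as '/mydir*' is generally treated as the legal pattern /mydir/*. If a web application that uses this illegal syntax is migrated from WebLogic Server 6.x to WebLogic Server 7.x or later, the protection expressed with the illegal syntax no longer takes effect, and some protected resources become accessible.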
        

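- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]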

- CPE (affected platforms and products)

cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:8.1:sp1:express (BEA Systems WebLogic Express 8.1 SP1)
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0 (BEA Systems WebLogic Server 7.0)
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:8.1:sp1:win32 (BEA Systems WebLogic Server 8.1 SP1 Win32)
cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:8.1:sp1 (BEA Systems WebLogic Server 8.1 SP1)
cpe:/a:bea:weblogic_server:7.0:sp4
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:express
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:8.1 (BEA Systems WebLogic Server 8.1)

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0711
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0711
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-056
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/184558
(VENDOR_ADVISORY)  CERT-VN  VU#184558
http://www.securityfocus.com/bid/10184
(VENDOR_ADVISORY)  BID  10184
http://xforce.iss.net/xforce/xfdb/15927
(VENDOR_ADVISORY)  XF  weblogic-urlpattern-obtain-information(15927)
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp
(UNKNOWN)  CONFIRM  http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp

- Vulnerability information

BEA WebLogic Server/Express EJB Illegal URL Pattern Bypass Vulnerability
High risk    Other
2004-07-27 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        BEA Systems
        -----------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
        BEA Systems WebLogic 6.1 SP6:
        BEA Systems Patch CR128888_61sp6.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR128888_61sp6.jar
        BEA Systems Weblogic 8.1 SP 2:
        BEA Systems Patch CR128888_81sp2.jar
        ftp://ftpna.beasys.com/pub/releases/security/CR128888_81sp2.jar

- Vulnerability information

5570
BEA WebLogic URL Restriction Bypass Information Disclosure
Remote / Network Access Authentication Management, Information Disclosure, Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability description

BEA WebLogic Express and Server contain a flaw that may allow a malicious user to bypass the URL restrictions and potentially access protected resources. The issue is triggered when a URL request pattern ends in "dir*" rather than "/dir/*". It is possible that the flaw may allow unauthorized access to restricted URLs protected by specific URL pattern matching syntax, resulting in a loss of confidentiality.

- Timeline

2004-04-21 Unknown
2004-04-21 Unknown

- Solution

Upgrade to WebLogic Server and WebLogic Express version 8.1 SP2 or WebLogic Server and WebLogic Express version 7.0 SP5 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

BEA WebLogic Server and WebLogic Express Illegal URI Pattern Potential Bypass Vulnerability
Environment Error 10184
Yes No
2004-04-20 12:00:00 2009-07-12 04:06:00
This issue was disclosed by the vendor.

- Affected software versions

BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems WebLogic Server for Win32 7.0 SP 3
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 1
BEA Systems WebLogic Server for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 3
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 7.0 SP 1
BEA Systems Weblogic Server 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1
BEA Systems WebLogic Express for Win32 7.0 SP 4
BEA Systems WebLogic Express for Win32 7.0 SP 3
BEA Systems WebLogic Express for Win32 7.0 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 1
BEA Systems WebLogic Express for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0 SP 4
BEA Systems WebLogic Express 7.0 SP 3
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 7.0 SP 1
BEA Systems WebLogic Express 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 7.0 SP 5

- Unaffected software versions

BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 7.0 SP 5

- Vulnerability discussion

It has been reported that WebLogic Server and WebLogic Express may be prone to a vulnerability that could allow a remote attacker to potentially gain access to sensitive resources. This issue results from a change in functionality that was deployed as part of WebLogic Server and Express versions 7.x and later. Users employing the illegal URI patterns for access controls and migrating to subsequent versions of the software could be affected by this issue.

- Exploit

No exploit is required.

- Solution

BEA Systems has advised customers to upgrade to WebLogic Server and WebLogic Express version 8.1 Service Pack 2 or WebLogic Server and WebLogic Express version 7.0 Service Pack 5 depending on the version being used.


BEA Systems WebLogic Server for Win32 7.0 SP 4

BEA Systems Weblogic Server 7.0 SP 4

BEA Systems WebLogic Express for Win32 8.1

BEA Systems Weblogic Server 8.1 SP 1

BEA Systems WebLogic Express for Win32 8.1 SP 1

BEA Systems WebLogic Server for Win32 8.1 SP 1

BEA Systems WebLogic Server for Win32 8.1

BEA Systems Weblogic Server 8.1

BEA Systems WebLogic Express 8.1 SP 1

BEA Systems WebLogic Express 8.1
