CVE-2005-1747
CVSS6.8
发布时间 :2005-05-24 00:00:00
修订时间 :2016-10-17 23:22:08
NMCO    

[原文]Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.


[CNNVD]BEA WebLogic Server和WebLogic Express多个远程漏洞(CNNVD-200505-1155)

        BEA WebLogic Server和Express 8.1至Service Pack 4和7.0至Service Pack 6版本存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可以通过在登录页(LoginForm.jsp)内的(1) j_username或(2) j_password参数,(3)传给管理控制台内的错误页的参数,(4)当管理员有一个活动会话以获取cookie时的服务器控制台上的未知向量或者(5)服务器控制台上不需要活动会话但是也泄露用号码和密码的替代向量,注入任意Web脚本或HTML,并可能获取权限。

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:bea:weblogic_server:6.1BEA Systems WebLogic Server 6.1
cpe:/a:bea:weblogic_server:6.0BEA Systems WebLogic Server 6.0
cpe:/a:bea:weblogic_server:6.1:sp3BEA Systems WebLogic Server 6.1 SP3
cpe:/a:bea:weblogic_server:8.1BEA Systems WebLogic Server 8.1
cpe:/a:bea:weblogic_server:6.0:sp2
cpe:/a:bea:weblogic_server:8.1:sp1BEA Systems WebLogic Server 8.1 SP1
cpe:/a:bea:weblogic_server:6.0:sp1
cpe:/a:bea:weblogic_server:6.1:sp2BEA Systems WebLogic Server 6.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp4BEA Systems WebLogic Server 8.1 SP4
cpe:/a:bea:weblogic_server:6.1:sp1BEA Systems WebLogic Server 6.1 SP1
cpe:/a:bea:weblogic_server:8.1:sp3BEA Systems WebLogic Server 8.1 SP3
cpe:/a:bea:weblogic_server:6.1:sp4BEA Systems WebLogic Server 6.1 SP4
cpe:/a:bea:weblogic_server:6.1:sp6BEA Systems WebLogic Server 6.1 SP6
cpe:/a:bea:weblogic_server:6.1:sp5BEA Systems WebLogic Server 6.1 SP5
cpe:/a:bea:weblogic_server:8.1:sp2BEA Systems WebLogic Server 8.1 SP2
cpe:/a:bea:weblogic_server:6.1:sp1:expressBEA Systems WebLogic Express 6.1 SP1
cpe:/a:bea:weblogic_server:6.1:sp4:win32BEA Systems WebLogic Server 6.1 SP4 Win32
cpe:/a:bea:weblogic_server:8.1:sp3:expressBEA Systems WebLogic Express 8.1 SP3
cpe:/a:bea:weblogic_server:6.0:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp1:win32BEA Systems WebLogic Server 6.1 SP1 Win32
cpe:/a:bea:weblogic_server:6.1:sp2:expressBEA Systems WebLogic Express 6.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp3:win32BEA Systems WebLogic Server 8.1 SP3 Win32
cpe:/a:bea:weblogic_server:8.1:sp4:expressBEA Systems WebLogic Express 8.1 SP4
cpe:/a:bea:weblogic_server:6.1:sp3:expressBEA Systems WebLogic Express 6.1 SP3
cpe:/a:bea:weblogic_server:7.0.0.1BEA Systems WebLogic Server 7.0.0.1
cpe:/a:bea:weblogic_server:6.1:sp3:win32BEA Systems WebLogic Server 6.1 SP3 Win32
cpe:/a:bea:weblogic_server:6.1:sp4:expressBEA Systems WebLogic Express 6.1 SP4
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:8.1:sp2:win32BEA Systems WebLogic Server 8.1 SP2 Win32
cpe:/a:bea:weblogic_server:6.1:sp5:win32BEA Systems WebLogic Server 6.1 SP5 Win32
cpe:/a:bea:weblogic_server:6.0:sp1:win32
cpe:/a:bea:weblogic_server:6.1:sp2:win32BEA Systems WebLogic Server 6.1 SP2 Win32
cpe:/a:bea:weblogic_server:8.1:sp4:win32BEA Systems WebLogic Server 8.1 SP4 Win32
cpe:/a:bea:weblogic_server:6.0:sp2:win32
cpe:/a:bea:weblogic_server:8.1:sp1:win32BEA Systems WebLogic Server 8.1 SP1 Win32
cpe:/a:bea:weblogic_server:6.1:sp5:expressBEA Systems WebLogic Express 6.1 SP5
cpe:/a:bea:weblogic_server:6.0:sp2:express
cpe:/a:bea:weblogic_server:8.1:sp1:expressBEA Systems WebLogic Express 8.1 SP1
cpe:/a:bea:weblogic_server:8.1:sp2:expressBEA Systems WebLogic Express 8.1 SP2
cpe:/a:bea:weblogic_server:7.0.0.1:sp3:expressBEA Systems WebLogic Express 7.0.0.1 SP3
cpe:/a:bea:weblogic_server:7.0.0.1:sp4:expressBEA Systems WebLogic Express 7.0.0.1 SP4
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:expressBEA Systems WebLogic Express 7.0.0.1 SP1
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:expressBEA Systems WebLogic Express 7.0.0.1 SP2
cpe:/a:bea:weblogic_portal:8.0
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:7.0.0.1:sp2:win32BEA Systems WebLogic Server 7.0.0.1 SP2 Win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp1:win32BEA Systems WebLogic Server 7.0.0.1 SP1 Win32
cpe:/a:bea:weblogic_server:7.0BEA Systems WebLogic Server 7.0
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:7.0.0.1::express
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0:sp4
cpe:/a:bea:weblogic_server:7.0:sp5
cpe:/a:bea:weblogic_server:6.1:sp6:win32BEA Systems WebLogic Server 6.1 SP6 Win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp3BEA Systems WebLogic Server 7.0.0.1 SP3
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0.0.1:sp4BEA Systems WebLogic Server 7.0.0.1 SP4
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:6.0::win32
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:6.0::express
cpe:/a:bea:weblogic_server:6.1::win32
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp4:express
cpe:/a:bea:weblogic_server:7.0:sp5:win32
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp5:express
cpe:/a:bea:weblogic_server:7.0.0.1::win32
cpe:/a:bea:weblogic_server:6.1::express
cpe:/a:bea:weblogic_server:7.0.0.1:sp1BEA Systems WebLogic Server 7.0.0.1 SP1
cpe:/a:bea:weblogic_server:7.0.0.1:sp2BEA Systems WebLogic Server 7.0.0.1 SP2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1747
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1747
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1155
(官方数据源) CNNVD

- 其它链接及资源

http://dev2dev.bea.com/pub/advisory/130
(VENDOR_ADVISORY)  BEA  BEA05-80.00
http://marc.info/?l=bugtraq&m=111695844803328&w=2
(UNKNOWN)  BUGTRAQ  20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)
http://marc.info/?l=bugtraq&m=111695921212456&w=2
(UNKNOWN)  BUGTRAQ  20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)
http://marc.info/?l=bugtraq&m=111722298705561&w=2
(UNKNOWN)  BUGTRAQ  20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability
http://marc.info/?l=bugtraq&m=111722380313416&w=2
(UNKNOWN)  BUGTRAQ  20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability
http://securitytracker.com/id?1014049
(UNKNOWN)  SECTRACK  1014049
http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt
(UNKNOWN)  MISC  http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt
http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt
(UNKNOWN)  MISC  http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt
http://www.appsecinc.com/resources/alerts/general/BEA-001.html
(UNKNOWN)  MISC  http://www.appsecinc.com/resources/alerts/general/BEA-001.html
http://www.appsecinc.com/resources/alerts/general/BEA-002.html
(UNKNOWN)  MISC  http://www.appsecinc.com/resources/alerts/general/BEA-002.html
http://www.securityfocus.com/bid/13717
(UNKNOWN)  BID  13717
http://www.vupen.com/english/advisories/2005/0607
(UNKNOWN)  VUPEN  ADV-2005-0607

- 漏洞信息

BEA WebLogic Server和WebLogic Express多个远程漏洞
中危 跨站脚本
2005-05-24 00:00:00 2005-10-20 00:00:00
远程  
        BEA WebLogic Server和Express 8.1至Service Pack 4和7.0至Service Pack 6版本存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可以通过在登录页(LoginForm.jsp)内的(1) j_username或(2) j_password参数,(3)传给管理控制台内的错误页的参数,(4)当管理员有一个活动会话以获取cookie时的服务器控制台上的未知向量或者(5)服务器控制台上不需要活动会话但是也泄露用号码和密码的替代向量,注入任意Web脚本或HTML,并可能获取权限。

- 公告与补丁

        暂无数据

- 漏洞信息

16838
BEA WebLogic Server Console Login Page XSS
Local Access Required, Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

BEA WebLogic contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a cross-site scripting attack occurs by injecting malicious JavaScript in the login page so that when administrator logs in, his username, password and session identifier (ADMINCONSOLESESSION) are silently transmitted to the attacker's web server. This flaw may lead to a loss of confidentiality.

- 时间线

2005-05-24 Unknow
2005-05-24 Unknow

- 解决方案

Upgrade to version 8.1 Service Pack 4 or 7.0 Service Pack 6, and then apply the patches specified in the vendor advisory, as they have been reported to fix this vulnerability. Version 8.1 Service Pack 5 and 7.0 Service Pack 7 will include the fix when they are released. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站