CVE-2005-4761
CVSS1.2
发布时间 :2005-12-31 00:00:00
修订时间 :2008-09-05 16:57:45
NMCOS    

[原文]BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.


[CNNVD]BEA WebLogic Server和WebLogic Express多个安全漏洞(CNNVD-200512-688)

        BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。
        BEA发布了24个安全公告,描述了各种影响BEA WebLogic Server和WebLogic Express的漏洞,包括口令泄漏、跨站脚本、拒绝服务等。本地或远程攻击者可以利用这些漏洞破坏计算机的保密性、完整性等,最终导致完全入侵有漏洞的机器。

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:bea:weblogic_server:6.1:sp7BEA Systems WebLogic Server 6.1 SP7
cpe:/a:bea:weblogic_server:6.1:sp1BEA Systems WebLogic Server 6.1 SP1
cpe:/a:bea:weblogic_server:7.0:sp2
cpe:/a:bea:weblogic_server:6.1:sp6BEA Systems WebLogic Server 6.1 SP6
cpe:/a:bea:weblogic_server:7.0:sp5:express
cpe:/a:bea:weblogic_server:8.1:sp1:win32BEA Systems WebLogic Server 8.1 SP1 Win32
cpe:/a:bea:weblogic_server:8.1:sp4BEA Systems WebLogic Server 8.1 SP4
cpe:/a:bea:weblogic_server:6.1:sp3:win32BEA Systems WebLogic Server 6.1 SP3 Win32
cpe:/a:bea:weblogic_server:6.1:sp4:win32BEA Systems WebLogic Server 6.1 SP4 Win32
cpe:/a:bea:weblogic_server:6.1:sp3:expressBEA Systems WebLogic Express 6.1 SP3
cpe:/a:bea:weblogic_server:7.0:sp2:win32
cpe:/a:bea:weblogic_server:7.0:sp4:express
cpe:/a:bea:weblogic_server:7.0:sp1
cpe:/a:bea:weblogic_server:7.0BEA Systems WebLogic Server 7.0
cpe:/a:bea:weblogic_server:7.0:sp1:win32
cpe:/a:bea:weblogic_server:6.1BEA Systems WebLogic Server 6.1
cpe:/a:bea:weblogic_server:8.1:sp3:win32BEA Systems WebLogic Server 8.1 SP3 Win32
cpe:/a:bea:weblogic_server:8.1:sp3:expressBEA Systems WebLogic Express 8.1 SP3
cpe:/a:bea:weblogic_server:8.1:sp2:win32BEA Systems WebLogic Server 8.1 SP2 Win32
cpe:/a:bea:weblogic_server:6.1:sp5:expressBEA Systems WebLogic Express 6.1 SP5
cpe:/a:bea:weblogic_server:6.1:sp1:win32BEA Systems WebLogic Server 6.1 SP1 Win32
cpe:/a:bea:weblogic_server:6.1:sp5BEA Systems WebLogic Server 6.1 SP5
cpe:/a:bea:weblogic_server:6.1:sp4BEA Systems WebLogic Server 6.1 SP4
cpe:/a:bea:weblogic_server:7.0:sp4:win32
cpe:/a:bea:weblogic_server:7.0::win32
cpe:/a:bea:weblogic_server:8.1:sp1:expressBEA Systems WebLogic Express 8.1 SP1
cpe:/a:bea:weblogic_server:6.1:sp2:win32BEA Systems WebLogic Server 6.1 SP2 Win32
cpe:/a:bea:weblogic_server:6.1::express
cpe:/a:bea:weblogic_server:7.0:sp5:win32
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:6.1:sp1:expressBEA Systems WebLogic Express 6.1 SP1
cpe:/a:bea:weblogic_server:7.0:sp1:express
cpe:/a:bea:weblogic_server:6.1:sp2:expressBEA Systems WebLogic Express 6.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp1BEA Systems WebLogic Server 8.1 SP1
cpe:/a:bea:weblogic_server:8.1:sp4:expressBEA Systems WebLogic Express 8.1 SP4
cpe:/a:bea:weblogic_server:7.0::express
cpe:/a:bea:weblogic_server:8.1:sp3BEA Systems WebLogic Server 8.1 SP3
cpe:/a:bea:weblogic_server:6.1::win32
cpe:/a:bea:weblogic_server:7.0:sp3:win32
cpe:/a:bea:weblogic_server:7.0:sp3
cpe:/a:bea:weblogic_server:6.1:sp5:win32BEA Systems WebLogic Server 6.1 SP5 Win32
cpe:/a:bea:weblogic_server:7.0:sp5
cpe:/a:bea:weblogic_server:6.1:sp2BEA Systems WebLogic Server 6.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp2:expressBEA Systems WebLogic Express 8.1 SP2
cpe:/a:bea:weblogic_server:6.1:sp7:win32BEA Systems WebLogic Server 6.1 SP7 Win32
cpe:/a:bea:weblogic_server:6.1:sp6:expressBEA Systems WebLogic Express 6.1 SP6
cpe:/a:bea:weblogic_server:6.1:sp3BEA Systems WebLogic Server 6.1 SP3
cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:6.1:sp6:win32BEA Systems WebLogic Server 6.1 SP6 Win32
cpe:/a:bea:weblogic_server:6.1:sp4:expressBEA Systems WebLogic Express 6.1 SP4
cpe:/a:bea:weblogic_server:6.1:sp7:expressBEA Systems WebLogic Express 6.1 SP7
cpe:/a:bea:weblogic_server:7.0:sp4
cpe:/a:bea:weblogic_server:8.1:sp4:win32BEA Systems WebLogic Server 8.1 SP4 Win32
cpe:/a:bea:weblogic_server:7.0:sp2:express
cpe:/a:bea:weblogic_server:7.0:sp3:express
cpe:/a:bea:weblogic_server:8.1:sp2BEA Systems WebLogic Server 8.1 SP2
cpe:/a:bea:weblogic_server:8.1BEA Systems WebLogic Server 8.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4761
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4761
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-688
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/15052
(PATCH)  BID  15052
http://secunia.com/advisories/17138
(VENDOR_ADVISORY)  SECUNIA  17138
http://dev2dev.bea.com/pub/advisory/152
(VENDOR_ADVISORY)  BEA  BEA05-98.00

- 漏洞信息

BEA WebLogic Server和WebLogic Express多个安全漏洞
低危 资料不足
2005-12-31 00:00:00 2006-04-10 00:00:00
远程※本地  
        BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。
        BEA发布了24个安全公告,描述了各种影响BEA WebLogic Server和WebLogic Express的漏洞,包括口令泄漏、跨站脚本、拒绝服务等。本地或远程攻击者可以利用这些漏洞破坏计算机的保密性、完整性等,最终导致完全入侵有漏洞的机器。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://commerce.bea.com/showallversions.jsp?family=WLS
        http://commerce.bea.com/showallversions.jsp?family=WLP

- 漏洞信息

20105
BEA WebLogic -D Switch Server Log Cleartext Credential Disclosure
Remote / Network Access Cryptographic, Information Disclosure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when system properties are supplied on the Java command-line by using the -D switch when booting the server, which may allow a remote attacker with read access to the server log to disclose sensitive information resulting in a loss of confidentiality.

- 时间线

2005-10-10 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 8.1 Service Pack 5 or 7.0 Service Pack 6 higher, as it has been reported to fix this vulnerability. In addition, BEA Systems has released a patch for version 6.1 Service Pack 7.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

BEA WebLogic Server and WebLogic Express Multiple Vulnerabilities
Unknown 15052
Yes Yes
2005-10-10 12:00:00 2007-09-03 10:21:00
The vendor disclosed these issues.

- 受影响的程序版本

BEA Systems WebLogic Server for Win32 8.1 SP 5
BEA Systems WebLogic Server for Win32 8.1 SP 4
BEA Systems WebLogic Server for Win32 8.1 SP 3
BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2
BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 1
BEA Systems WebLogic Server for Win32 7.0 .0.1
BEA Systems WebLogic Server for Win32 7.0 SP 7
BEA Systems WebLogic Server for Win32 7.0 SP 6
BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems WebLogic Server for Win32 7.0 SP 3
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 1
BEA Systems WebLogic Server for Win32 7.0
BEA Systems WebLogic Server for Win32 6.1 SP 8
BEA Systems WebLogic Server for Win32 6.1 SP 7
BEA Systems WebLogic Server for Win32 6.1 SP 6
BEA Systems WebLogic Server for Win32 6.1 SP 5
BEA Systems WebLogic Server for Win32 6.1 SP 4
BEA Systems WebLogic Server for Win32 6.1 SP 3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 6.1 SP 2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Server for Win32 6.1 SP 1
BEA Systems WebLogic Server for Win32 6.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems Weblogic Server 8.1 SP 5
BEA Systems Weblogic Server 8.1 SP 4
BEA Systems Weblogic Server 8.1 SP 3
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0 .0.1 SP 4
BEA Systems Weblogic Server 7.0 .0.1 SP 3
BEA Systems Weblogic Server 7.0 .0.1 SP 2
BEA Systems Weblogic Server 7.0 .0.1 SP 1
BEA Systems Weblogic Server 7.0 .0.1
BEA Systems Weblogic Server 7.0 SP 7
BEA Systems Weblogic Server 7.0 SP 6
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 3
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 7.0 SP 1
BEA Systems Weblogic Server 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems Weblogic Server 6.1 SP6
BEA Systems Weblogic Server 6.1 SP 8
BEA Systems Weblogic Server 6.1 SP 7
BEA Systems Weblogic Server 6.1 SP 5
BEA Systems Weblogic Server 6.1 SP 4
BEA Systems Weblogic Server 6.1 SP 3
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems Weblogic Server 6.1 SP 2
BEA Systems Weblogic Server 6.1 SP 1
BEA Systems Weblogic Server 6.1
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Express for Win32 8.1 SP 5
BEA Systems WebLogic Express for Win32 8.1 SP 4
BEA Systems WebLogic Express for Win32 8.1 SP 3
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1
BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2
BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 1
BEA Systems WebLogic Express for Win32 7.0 .0.1
BEA Systems WebLogic Express for Win32 7.0 SP 7
BEA Systems WebLogic Express for Win32 7.0 SP 6
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express for Win32 7.0 SP 4
BEA Systems WebLogic Express for Win32 7.0 SP 3
BEA Systems WebLogic Express for Win32 7.0 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 1
BEA Systems WebLogic Express for Win32 7.0
BEA Systems WebLogic Express for Win32 6.1 SP 8
BEA Systems WebLogic Express for Win32 6.1 SP 7
BEA Systems WebLogic Express for Win32 6.1 SP 6
BEA Systems WebLogic Express for Win32 6.1 SP 5
BEA Systems WebLogic Express for Win32 6.1 SP 4
BEA Systems WebLogic Express for Win32 6.1 SP 3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Express for Win32 6.1 SP 2
BEA Systems WebLogic Express for Win32 6.1 SP 1
BEA Systems WebLogic Express for Win32 6.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Express 8.1 SP 5
BEA Systems WebLogic Express 8.1 SP 4
BEA Systems WebLogic Express 8.1 SP 3
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0 .0.1 SP 4
BEA Systems WebLogic Express 7.0 .0.1 SP 3
BEA Systems WebLogic Express 7.0 .0.1 SP 2
BEA Systems WebLogic Express 7.0 .0.1 SP 1
BEA Systems WebLogic Express 7.0 .0.1
BEA Systems WebLogic Express 7.0 SP 7
BEA Systems WebLogic Express 7.0 SP 6
BEA Systems WebLogic Express 7.0 SP 5
BEA Systems WebLogic Express 7.0 SP 4
BEA Systems WebLogic Express 7.0 SP 3
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 7.0 SP 1
BEA Systems WebLogic Express 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Express 6.1 SP6
BEA Systems WebLogic Express 6.1 SP 8
BEA Systems WebLogic Express 6.1 SP 7
BEA Systems WebLogic Express 6.1 SP 5
BEA Systems WebLogic Express 6.1 SP 4
BEA Systems WebLogic Express 6.1 SP 3
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7
- Sun Solaris 2.6
BEA Systems WebLogic Express 6.1 SP 2
BEA Systems WebLogic Express 6.1 SP 1
BEA Systems WebLogic Express 6.1
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7
- Sun Solaris 2.6

- 漏洞讨论

BEA has released 24 advisories identifying various vulnerabilities affecting BEA WebLogic Server and WebLogic Express. These issues present remote and local threats and may facilitate attacks affecting the integrity, confidentiality, and availability of vulnerable computers.

We conjecture that some of these issues may allow an attacker to completely compromise a vulnerable computer.

These issues are currently being analyzed. This BID will be updated and individual BIDs will be released when further analysis is complete.

- 漏洞利用


Some of these issues do not require exlpoit code.

Currently we are not aware of any exploits for other issues requiring exploit code. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

BEA has released multiple advisories as well as fixes:

- An updated security advisory (BEA06-106.01) with updated fixes
- An updated security advisory (BEA06-87.02) with updated fixes. This advisory replaces BEA06-87.01 and BEA06-87.00.

Please see the referenced advisories for details.

An updated security advisory (BEA07-107.02) with updated fixes is available; this advisory replaces security advisory BEA05-107.01.


BEA Systems WebLogic Express for Win32 6.1 SP 7

BEA Systems WebLogic Express 6.1 SP 7

BEA Systems WebLogic Server for Win32 6.1 SP 7

BEA Systems Weblogic Server 7.0 SP 7

BEA Systems WebLogic Express 7.0 SP 7

BEA Systems WebLogic Server for Win32 7.0 SP 7

BEA Systems WebLogic Express for Win32 7.0 SP 7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站