
Test ID: 1.3.6.1.4.1.25623.1.0.11486
Category: Web Servers
Title: BEA WebLogic Management Servlet Multiple Vulnerabilities (BEA03-28)
Summary: BEA WebLogic is prone to multiple vulnerabilities in a management servlet.
Description: Summary:
BEA WebLogic is prone to multiple vulnerabilities in a
management servlet.

Vulnerability Insight:
An internal management servlet that does not properly check
user credentials can be accessed from outside, allowing an attacker to change user passwords and
even upload or download any file on the remote server.

In addition to this, there is a flaw in WebLogic 7.0 which may allow users to delete empty
subcontexts.

Solution:
- Apply Service Pack 2 Rolling Patch 3 on WebLogic 6.0

- Apply Service Pack 4 on WebLogic 6.1

- Apply Service Pack 2 on WebLogic 7.0 or 7.0.0.1.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2003-1095
BugTraq ID: 7130
http://www.securityfocus.com/bid/7130
CERT/CC vulnerability note: VU#691153
http://www.kb.cert.org/vuls/id/691153
XForce ISS Database: weblogic-app-reauthentication-bypass(11555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11555
Common Vulnerability Exposure (CVE) ID: CVE-2003-0151
BugTraq ID: 7122
http://www.securityfocus.com/bid/7122
BugTraq ID: 7124
http://www.securityfocus.com/bid/7124
Bugtraq: 20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
http://marc.info/?l=bugtraq&m=104792544515384&w=2
Bugtraq: 20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
http://marc.info/?l=bugtraq&m=104792477914620&w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Copyright: Copyright (C) 2005 Michel Arboi





© 1998-2025 E-Soft Inc. All rights reserved.