
Test ID: 1.3.6.1.4.1.25623.1.0.11486
Category: Web Servers
Title: BEA WebLogic Management Servlet Multiple Vulnerabilities (BEA03-28)
Summary: BEA WebLogic is prone to multiple vulnerabilities in a management servlet.
Description:
Summary:
BEA WebLogic is prone to multiple vulnerabilities in a
management servlet.

Vulnerability Insight:
An internal management servlet that does not properly check
user credentials can be accessed from outside, allowing an attacker to change user passwords and
even upload or download any file on the remote server.

In addition to this, there is a flaw in WebLogic 7.0 which may allow users to delete empty
subcontexts.

Solution:
- Apply Service Pack 2 Rolling Patch 3 on WebLogic 6.0

- Apply Service Pack 4 on WebLogic 6.1

- Apply Service Pack 2 on WebLogic 7.0 or 7.0.0.1.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2003-1095
BugTraq ID: 7130
http://www.securityfocus.com/bid/7130
CERT/CC vulnerability note: VU#691153
http://www.kb.cert.org/vuls/id/691153
XForce ISS Database: weblogic-app-reauthentication-bypass(11555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11555
Common Vulnerability Exposure (CVE) ID: CVE-2003-0151
BugTraq ID: 7122
http://www.securityfocus.com/bid/7122
BugTraq ID: 7124
http://www.securityfocus.com/bid/7124
Bugtraq: 20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
http://marc.info/?l=bugtraq&m=104792544515384&w=2
Bugtraq: 20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
http://marc.info/?l=bugtraq&m=104792477914620&w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt
Copyright: Copyright (C) 2005 Michel Arboi





© 1998-2025 E-Soft Inc. All rights reserved.