| Test ID: | 1.3.6.1.4.1.25623.1.0.11486 |
| Category: | Web application abuses |
| Title: | WebLogic management servlet |
| Summary: | Checks the version of WebLogic |
| Description: | The remote web server is WebLogic. An internal management servlet that does not properly check user credentials can be accessed from outside, allowing a cracker to change user passwords, and even upload or download any file on the remote server. In addition, there is a flaw in WebLogic 7.0 which may allow users to delete empty subcontexts. *** Note that OpenVAS only checked the version in the server banner, so this might be a false positive. *** See also: http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp Solutions: apply Service Pack 2 Rolling Patch 3 on WebLogic 6.0; apply Service Pack 4 on WebLogic 6.1; apply Service Pack 2 on WebLogic 7.0 or 7.0.0.1. |
| Cross-Ref: | BugTraq ID: 7122; BugTraq ID: 7124; BugTraq ID: 7130; BugTraq ID: 7131; Common Vulnerability Exposure (CVE) ID: CVE-2003-1095; CERT/CC vulnerability note: VU#691153; http://www.kb.cert.org/vuls/id/691153; http://www.securityfocus.com/bid/7130; XForce ISS Database: weblogic-app-reauthentication-bypass(11555); http://xforce.iss.net/xforce/xfdb/11555 |
| Copyright | This script is Copyright (C) 2003 Michel Arboi |