安全研究
安全漏洞
BEA WebLogic Server/WebLogic Express远程拒绝服务漏洞
发布日期:2004-05-11
更新日期:2004-05-17
受影响系统:
BEA Systems WebLogic Express 8.1 SP1不受影响系统:
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0 SP4
BEA Systems WebLogic Express 7.0 SP3
BEA Systems WebLogic Express 7.0 SP2
BEA Systems WebLogic Express 7.0 SP1
BEA Systems Weblogic Server 8.1 SP1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0 SP4
BEA Systems Weblogic Server 7.0 SP3
BEA Systems Weblogic Server 7.0 SP2
BEA Systems Weblogic Server 7.0 SP1
BEA Systems Weblogic Server 7.0
BEA Systems WebLogic Express 7.0
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- RedHat Linux 7.1
- RedHat Linux 6.2
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
BEA Systems WebLogic Express 8.1 SP2描述:
BEA Systems WebLogic Express 7.0 SP5
BEA Systems Weblogic Server 8.1 SP2
BEA Systems Weblogic Server 7.0 SP5
BUGTRAQ ID: 10327
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。
BEA WebLogic Server和WebLogic Express在处理限制用户停止或启动服务的处理上存在问题,远程攻击者可以利用这个漏洞对未授权使服务停止,而产生拒绝服务。
此漏洞发生在当站点限制Admin和Operator安全范围中的用户能启动或关闭服务时发生。目前没有详细漏洞细节提供。
<*来源:BEA
链接:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp
*>
建议:
厂商补丁:
BEA Systems
-----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
BEA Systems Weblogic Server 7.0 SP 4:
BEA Systems Upgrade WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems WebLogic Server for Win32 7.0 SP 4:
BEA Systems Upgrade WebLogic Server 7.0 SP5
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Weblogic Server 8.1 SP 1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express 8.1 SP 1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express for Win32 8.1 SP 1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Server for Win32 8.1 SP 1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Server for Win32 8.1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express 8.1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems Weblogic Server 8.1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
BEA Systems WebLogic Express for Win32 8.1:
BEA Systems Upgrade WebLogic Server 8.0 SP2
http://commerce.beasys.com/showallversions.jsp?family=WLS
浏览次数:4516
严重程度:0(网友投票)
绿盟科技给您安全的保障