Securing Enterprise Applications - Cenzic Contact Us
Call 1-866-4-CENZIC (423-6942)
or email request@cenzic.com

home > cia research > alerts > weblogic server-alert
cia_research

Get Better Security
spacer

CIA RESEARCH

Alerts

[CIA-1053-Alert] Weblogic Server Multiple Vulnerabilities

Summary:

Multiple vulnerabilities were disclosed in versions of the Weblogic Server platform. See the Technical Details section for more information. BEA has released security fixes for each of these vulnerabilities.

Technical Details:

JSP Source Disclosure, Security Tracker ID:1016100,
CVE:GENERIC-MAP-NOMATCH-done
Solution:
http://dev2dev.BEA.com/pub/advisory/192

JTA unencrypted Transactions, Security Tracker ID:1016103,
CVE:GENERIC-MAP-NOMATCH-done
Solution:
http://dev2dev.BEA.com/pub/advisory/195

Domain Name Information Leak, Security Tracker ID: 1016099,
CVE:GENERIC-MAP-NOMATCH-done
Solution:
http://dev2dev.BEA.com/pub/advisory/190

Weblogic password log exposure, Security Tracker ID: 1016098,
CVE:GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/189

Weblogic Internal Network Information Disclosure, Security Tracker ID: 1016096,
CVE: GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/187

Weblogic Private Key Exposure, Security Tracker ID: 1016095,
CVE: GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/186

Weblogic stopweblogic.sh exposure, Security Tracker ID:1016094,
CVE:GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.bea.com/pub/advisory/181

Quality of Service Error Information Leak, Security Tracker ID:1016102,
CVE:GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/194

Admin Password Local Exposure, Security Tracker ID:1016101,
CVE: GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/193

JDBC Security Policy Vulnerability, Security Tracker ID: 1016097,
CVE:GENERIC-MAP-NOMATCH
Solution:
http://dev2dev.BEA.com/pub/advisory/188

Solution:

Apply the security fixes relevant to your version and service pack of WebLogic.

CVE Reference:

See Technical Details.

SecurityTracker Number(s):

See Tecnical Details.

Vendor URL:

BEA

About the Cenzic CIA Team:

Cenzic Intelligent Analysis (CIA) is Cenzic's research arm that focuses on continuous research for application vulnerabilities. Industry Research, Vulnerability assessment, penetration testing, and security testing - that's what Cenzic Intelligent Analysis Research is all about. Cenzic has dedicated experts whose sole job is to perform ongoing research to find not only common vulnerabilities but also vulnerabilities found in customer applications and make them available to our customers and to the community at large.

About Cenzic:

Cenzic provides Hailstorm® the revolutionary enterprise software suite for automated application security assessment and compliance that allows corporations and government organizations to dramatically improve the security of commercial and custom applications. Hailstorm enables security experts, QA professionals, and developers to work together to assess, analyze, and remediate applications for security vulnerabilities, and verify compliance with security policies. Benefits include reduced security risk and liability, lower development and testing costs, and faster time-to-market. Cenzic's customers are currently in the financial services and e-marketplaces sectors. For more information visit www.cenzic.com or call 1-866-4-CENZIC

back to top
Technical Resources
> Datasheet: Hailstorm Enterprise ARC
> Datasheet: Hailstorm Pro
> Datasheet: Hailstorm Starter
> Datasheet: Hailstorm Core
> White Paper: Beyond Simple Vulnerabilities Scanning
> White Paper: Cross Frame Scripting
> White Paper: Cenzic Imperative Assessment Plan
> White Paper: Enabling Security in the Software Development Lifecycle (PDF)

web application security
Subscribe
From the Industry
Application security

COMPANY   |   PRODUCTS & SERVICES   |   SUPPORT   |   NEWS   |   CUSTOMERS   |   PARTNERS   |   CIA RESEARCH   |   CONTACT   |   LEGAL   |   PRIVACY   |   SITE MAP   |   HOME

© Copyright 2008 Cenzic