| VID |
22278 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The version of the relative BEA WebLogic server is older than version 8.1 SP3.
BEA Systems has released advisories to address multiple vulnerabilities in WebLogic Server and Express 8.1 SP3 prior. These issues may allow unauthorized access, information disclosure, or pose threats to role and policy security.
* Note: This check solely relied on the version number of the remote WebLogic server to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
BEA Systems, WebLogic Server/Express 8.1 Service Pack 3 prior
BEA Systems, WebLogic Server/Express 7.0 Service Pack 6 prior
BEA Systems, WebLogic Server/Express 6.1 Service Pack 7 prior
Any operating system Any version |
| Recommendation |
WebLogic Server/Express 8.1 users may address these issues by upgrading to the latest Service Pack (3 or later). Various fixes have been made available for earlier releases of WebLogic that typically entail upgrading to the latest Service Pack and applying the appropriate patch. Please see the following BEA Systems advisories (BEA04-65.00 through BEA04-72.00) for further information:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-65.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-66.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-67.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-68.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-69.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-70.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-71.00.jsp
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04-72.00.jsp |
| Related URL |
(CVE) |
| Related URL |
11168 (SecurityFocus) |
| Related URL |
(ISS) |
|
