Test ID: | 1.3.6.1.4.1.25623.1.0.11486 |
Category: | Web Servers |
Title: | BEA WebLogic Management Servlet Multiple Vulnerabilities (BEA03-28) |
Summary: | BEA WebLogic is prone to multiple vulnerabilities in a management servlet. |
Description: |
Summary: BEA WebLogic is prone to multiple vulnerabilities in a management servlet.
Vulnerability Insight: An internal management servlet that does not properly check user credentials can be accessed from outside, allowing an attacker to change user passwords, and even upload or download any file on the remote server. In addition to this, there is a flaw in WebLogic 7.0 which may allow users to delete empty subcontexts.
Solution:
- Apply Service Pack 2 Rolling Patch 3 on WebLogic 6.0
- Apply Service Pack 4 on WebLogic 6.1
- Apply Service Pack 2 on WebLogic 7.0 or 7.0.0.1.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-1095
BugTraq ID: 7130
http://www.securityfocus.com/bid/7130
CERT/CC vulnerability note: VU#691153
http://www.kb.cert.org/vuls/id/691153
XForce ISS Database: weblogic-app-reauthentication-bypass(11555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/11555
Common Vulnerability Exposure (CVE) ID: CVE-2003-0151
BugTraq ID: 7122
http://www.securityfocus.com/bid/7122
BugTraq ID: 7124
http://www.securityfocus.com/bid/7124
Bugtraq: 20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server
http://marc.info/?l=bugtraq&m=104792544515384&w=2
Bugtraq: 20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express
http://marc.info/?l=bugtraq&m=104792477914620&w=2
http://www.s21sec.com/en/avisos/s21sec-011-en.txt |
Copyright | Copyright (C) 2005 Michel Arboi |