 BEA WebLogic Input Validation Flaw in Proxy Plug-in Lets Remote Users Crash the Service With Malformed URLs
Category: Vulnerability
Posted: 2003-11-13 by ReCall
 Details
Description: A denial of service vulnerability was reported in BEA's WebLogic Server and Express when using a proxy plug-in. A remote user can cause the proxy plug-in to crash.

It is reported that a remote user can send incorrectly formatted URLs to WebLogic Server or Express through a WebLogic Server proxy plug-in to cause the proxy plug-in to crash. As a result, the target web site will be inaccessible.

Only sites that use the WebLogic Server proxy plug-ins are affected, the vendor said.

Jamba! is credited with reporting this flaw.

Impact: A remote user can cause the proxy plug-in to crash, making the web service inaccessible to other users.

Solution: The vendor has released a fix. WebLogic Server and Express 6.1, 7.0, and 8.1 users running a WebLogic proxy plug-in on Apache HTTP Server (on Solaris, HPUX, Linux, AIX, or Tru64) or on iPlanet (on Solaris, HPUX, or AIX) can download a fix that contains export-strength SSL:

ftp://ftpna.beasys.com/pub/releases/security/CR121341.zip

To obtain domestic strength SSL, contact BEA Customer Support.

For WebLogic Server and Express 6.1, 7.0, and 8.1 customers using the WebLogic proxy plug-in on Apache HTTP Server or on Microsoft Internet Information Services, in either case running on Microsoft NT or Microsoft Windows 2000, the fix for plug-ins with export-strength SSL is available at:

ftp://ftpna.beasys.com/pub/releases/security/CR121341_win.zip

To obtain domestic strength SSL, contact BEA Customer Support.

The vendor reports that the fix will be included in the versions of the plug-ins that will be distributed with the following service packs:

* WebLogic Server 6.1 Service Pack 6
* WebLogic Server 7.0 Service Pack 5
* WebLogic Server 8.1 Service Pack 2
 