Family: CGI abuses --> Category: infos
WebLogic management servlet Vulnerability Scan
Vulnerability Scan Summary: Checks the version of WebLogic
Detailed Explanation for this Vulnerability Test
The remote web server is WebLogic.
An internal management servlet that does not properly
check user credentials can be accessed from outside, allowing
a cracker to change user passwords, and even upload or download
any file on the remote server.
In addition to this, there is a flaw in WebLogic 7.0 which may
allow users to delete empty subcontexts.
*** Note that Nessus only checked the version in the server banner
*** So this might be a false positive.
See also : http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp
Solutions :
- apply Service Pack 2 Rolling Patch 3 on WebLogic 6.0
- apply Service Pack 4 on WebLogic 6.1
- apply Service Pack 2 on WebLogic 7.0 or 7.0.0.1
Threat Level: High