Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: infos

WebLogic management servlet Vulnerability Scan


Vulnerability Scan Summary
Checks the WebLogic version reported in the server banner

Detailed Explanation for this Vulnerability Test

The remote web server is BEA WebLogic.

An internal management servlet that does not properly check user
credentials can be reached from outside the server, allowing an attacker
to change user passwords and even to upload or download arbitrary files
on the remote host.

In addition, WebLogic 7.0 has a flaw that may allow users to delete
empty subcontexts.

*** Note that Nessus only checked the version string in the server banner,
*** so this result might be a false positive.

See also : http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp

Solutions:
- apply Service Pack 2 Rolling Patch 3 to WebLogic 6.0
- apply Service Pack 4 to WebLogic 6.1
- apply Service Pack 2 to WebLogic 7.0 or 7.0.0.1
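
The banner-only version check this test performs, written out as an added example (this is not the Nessus plugin's own code and is not taken from this page): it parses a constructed set of HTTP Server headers and compares the reported Service Pack and Rolling Patch level against the fix levels in the Solutions list. The banner layout the regular expression expects ("WebLogic Server <release> SP<n> RP<n>"), the host names and the sample banners are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed banner shape (an assumption, not taken from the advisory): the
# Server header names the release, optionally followed by "SP<n>" and
# "RP<n>" tokens, e.g. "WebLogic WebLogic Server 6.1 SP4 ...".
BANNER_RE = re.compile(
    r"WebLogic Server\s+(\d+(?:\.\d+)+)(?:\s+SP(\d+))?(?:\s+RP(\d+))?",
    re.IGNORECASE,
)

# Minimum (Service Pack, Rolling Patch) per release, per the Solutions list.
# Releases not listed here are outside the scope of this check.
FIXED_LEVEL: Dict[str, Tuple[int, int]] = {
    "6.0": (2, 3),      # Service Pack 2 Rolling Patch 3
    "6.1": (4, 0),      # Service Pack 4
    "7.0": (2, 0),      # Service Pack 2
    "7.0.0.1": (2, 0),  # Service Pack 2
}


def parse_banner(banner: str) -> Optional[Tuple[str, int, int]]:
    """Return (release, service_pack, rolling_patch), or None if not WebLogic."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    release = m.group(1)
    sp = int(m.group(2) or 0)   # no SP token means the base release
    rp = int(m.group(3) or 0)   # no RP token means no rolling patch
    return release, sp, rp


def check_banner(banner: str) -> Dict[str, object]:
    """Classify one Server header against the fix levels above."""
    parsed = parse_banner(banner)
    if parsed is None:
        return {"weblogic": False, "vulnerable": False,
                "reason": "Server header does not identify WebLogic"}
    release, sp, rp = parsed
    level = f"{release} SP{sp}" + (f" RP{rp}" if rp else "")
    fixed_at = FIXED_LEVEL.get(release)
    if fixed_at is None:
        return {"weblogic": True, "level": level, "vulnerable": False,
                "reason": "release not listed in the advisory's fix levels"}
    # Tuple comparison: Service Pack first, then Rolling Patch within the SP.
    vulnerable = (sp, rp) < fixed_at
    return {"weblogic": True, "level": level, "vulnerable": vulnerable,
            "reason": ("banner reports a level below SP%d RP%d; banner-only "
                       "evidence, may be a false positive" % fixed_at)
            if vulnerable else "banner reports the fixed level or later"}


def flag_hosts(banners: Dict[str, str]) -> List[str]:
    """Return the hosts whose banner indicates a pre-fix level."""
    return [host for host, b in banners.items() if check_banner(b)["vulnerable"]]


# Constructed sample banners for the example (not captured from real hosts).
SAMPLE_BANNERS = {
    "app1": "WebLogic WebLogic Server 6.0 SP2 RP2",
    "app2": "WebLogic WebLogic Server 6.1 SP3",
    "app3": "WebLogic WebLogic Server 6.1 SP4",
    "app4": "WebLogic WebLogic Server 7.0.0.1",
    "app5": "WebLogic WebLogic Server 7.0 SP2",
    "www": "Apache/1.3.27 (Unix)",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(host, check_banner(banner))
    print("flagged:", flag_hosts(SAMPLE_BANNERS))
```

Because the check never touches the management servlet itself, a hit carries the same caveat as the scan result above: a banner that has been edited, a proxy in front of the server, or a patched host that still reports the base release all produce wrong answers, so a flagged host should be confirmed by hand against the vendor advisory before it is reported.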

Threat Level: High


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
