WebLogic Server和Express HTTP TRACE Credential Theft 漏洞-一一网

漏洞信息详情

WebLogic Server和Express HTTP TRACE Credential Theft 漏洞

CNNVD编号：CNNVD-200412-533

危害等级：中危
CVE编号：
CVE-2004-2320
漏洞类型：

信息泄露
发布时间：

2004-12-31
威胁类型：

远程
更新时间：

2009-01-08
厂商：

bea
漏洞来源：
Announced by BEA S…

漏洞简介

BEA WebLogic Server和Express 8.1 SP2及其以前的版本，7.0 SP4及其以前的版本， 6.1至SP6，和5.1至SP13版本的默认配置响应HTTP TRACE请求，远程攻击者使用跨站跟踪攻击（XST)盗取信息，该攻击在易受跨站脚本影响的应用进程中。

漏洞公告

The vendor has released fixes to address this issue.
BEA Systems Weblogic Server 5.1 SP 13

BEA Systems CR124746_51sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_51sp13.jar

BEA Systems WebLogic Express 5.1 SP 13

BEA Systems CR124746_51sp13.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_51sp13.jar

BEA Systems WebLogic Express for Win32 6.1

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1 SP 2

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express 6.1 SP 3

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1 SP 4

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1 SP 6

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems Weblogic Server 6.1 SP 5

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express for Win32 6.1 SP 4

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express 6.1 SP6

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express 6.1 SP 5

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express for Win32 6.1 SP 3

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1 SP 5

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems Weblogic Server 6.1 SP 3

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express for Win32 6.1 SP 5

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems Weblogic Server 6.1 SP6

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express 6.1

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems Weblogic Server 6.1 SP 4

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Server for Win32 6.1 SP 3

BEA Systems CR124746_61sp6.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_61sp6.jar

BEA Systems WebLogic Express 7.0 SP 2

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems Weblogic Server 7.0 SP 3

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Express 7.0

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Express for Win32 7.0 SP 4

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems Weblogic Server 7.0 SP 2

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems Weblogic Server 7.0

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Server for Win32 7.0 SP 4

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Server for Win32 7.0 SP 1

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Express 7.0 SP 3

BEA Systems CR124746_70sp4.jar
ftp://ftpna.beasys.com/pub/releases/security/CR124746_70sp4.jar

BEA Systems WebLogic Express for Win32 7

参考网址

来源:US-CERT Vulnerability Note: VU#867593
名称: VU#867593
链接:http://www.kb.cert.org/vuls/id/867593

来源: XF
名称: weblogic-trace-xss(14959)
链接:http://xforce.iss.net/xforce/xfdb/14959

来源: SECTRACK
名称: 1008866
链接:http://www.securitytracker.com/alerts/2004/Jan/1008866.html

来源: BID
名称: 9506
链接:http://www.securityfocus.com/bid/9506

来源: BEA
名称: BEA04-48.01
链接:http://dev2dev.bea.com/pub/advisory/68

来源: OSVDB
名称: 3726
链接:http://www.osvdb.org/3726

来源: SECUNIA
名称: 10726
链接:http://secunia.com/advisories/10726

更多>>

文章版权归作者所有，未经允许请勿转载。

THE END

信息安全

AY System Solutions Web Content System 远程文件包含漏洞

关系数据库——mysql常用函数总结

Garennes ‘index.php’参数Repertoire_Config 多个PHP远程文件包含漏洞

使用 CSS perfer-* 规范，提升网站的可访问性与健壮性

Foxit Reader FoxitReaderOCX ActiveX控件’OpenFile()’缓冲区溢出漏洞

Shell系列之文件操作

WebLogic Server和Express HTTP TRACE Credential Theft 漏洞

漏洞信息详情

WebLogic Server和Express HTTP TRACE Credential Theft 漏洞

漏洞简介

漏洞公告

参考网址

受影响实体