CERT-MU Vulnerability Note VN-2008-10

Vulnerability in Oracle WebLogic plug-in for Apache causes Denial of Service

Original Issue Date: October 15, 2008

Severity Rating: High

Systems Affected

  • Oracle WebLogic Server 9.0, 9.1, 10.3
  • Oracle WebLogic Server 10.0 released through Maintenance Pack 1
  • Oracle WebLogic Server 9.2 released through Maintenance Pack 3
  • Oracle WebLogic Server 8.1 released through Service Pack 6
  • Oracle WebLogic Server 7.0 released through Service Pack 7
  • Oracle WebLogic Server 6.1 released through Service Pack 7

Overview

A vulnerability has been reported in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7, which could be exploited by remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Description

A vulnerability has been reported in certain versions of WebLogic Server. This vulnerability can be remotely exploited without authentication to affect the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the Oracle WebLogic plug-in for Apache.

Workarounds

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

Oracle

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

http://blogs.oracle.com/security/2008/10/14

https://support.bea.com/application_content/product_portlets/securityadvisories/index.html

CVE-Name

CVE-2008-4008

References

BEA
https://support.bea.com/application_content/product_portlets/securityadvisories/2806.html

Security Database
http://www.security-database.com/cvss.php?alert=CVE-2008-4008

SecurityTracker
http://www.securitytracker.com/alerts/2008/Oct/1021056.html

Security Lab
http://en.securitylab.ru/nvd/361224.php

 
 