Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Handlers Diary Blog - Oracle WebLogic Server Security Alert InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle WebLogic Server Security Alert

Published: 2010-02-06
Last Updated: 2010-02-06 01:17:54 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle WebLogic Server (CVE-2010-0073).

According to Oracle, "This vulnerability may be remotely exploitable without authentication. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system." Oracle strongly recommends testing and apply this fix as soon as possible. Additional information is available here.

The list of affected product:

Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2)
Oracle WebLogic Server 10gR3 release (10.3.0)
Oracle WebLogic Server 10.0 through MP2
Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
Oracle WebLogic Server 8.1 through SP6
Oracle WebLogic Server 7.0 through SP7

-----------

 Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: Oracle WebLogic
0 comment(s)
Diary Archives