CERTA-2006-AVI-054
Vulnerability from certfr_avis - Published: 2006-01-30 - Updated: 2006-01-30None
Description
De nombreuses vulnérabilités affectant certains produits BEA WebLogic peuvent être exploitées à distance par un utilisateur mal intentionné de manière à réaliser plusieurs actions pouvant conduire à la compromission du système.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Weblogic | BEA WebLogic Express 9.x ; | ||
| Oracle | Weblogic | BEA WebLogic Server 7.x ; | ||
| Oracle | Weblogic | BEA WebLogic Portal 8.x ; | ||
| Oracle | Weblogic | BEA WebLogic Express 8.x ; | ||
| Oracle | Weblogic | BEA WebLogic Express 6.x ; | ||
| Oracle | Weblogic | BEA WebLogic Express 7.x ; | ||
| Oracle | Weblogic | BEA WebLogic Server 6.x ; | ||
| Oracle | Weblogic | BEA WebLogic Server 9.x ; | ||
| Oracle | Weblogic | BEA WebLogic Server 8.x ; |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BEA WebLogic Express 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 7.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Portal 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Express 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Express 6.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Express 7.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 6.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s affectant certains produits BEA WebLogic\npeuvent \u00eatre exploit\u00e9es \u00e0 distance par un utilisateur mal intentionn\u00e9 de\nmani\u00e8re \u00e0 r\u00e9aliser plusieurs actions pouvant conduire \u00e0 la compromission\ndu syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2006-01-30T00:00:00",
"last_revision_date": "2006-01-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-118 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/175"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-117 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/174"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-108 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/165"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-112 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/169"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-109 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-110 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/167"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-111 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/168"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-119 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/176"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-114 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-115 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/172"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-116 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/173"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA Systems BEA06-113 du 24 janvier 2006 :",
"url": "http://dev2dev.bea.com/pub/advisory/170"
}
],
"reference": "CERTA-2006-AVI-054",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BEA Weblogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Multiples bulletins de s\u00e9curit\u00e9 de BEA Systems",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…