Oracle Fusion Middleware

なんか、かなーり出ています＞アドバイザリー

Date Number Title Type Products Affected

2006/1/23 BEA06-119.00 Console applies incorrect JNDI policies. advisory WLS 9.0

2006/1/23 BEA06-118.00 Server's SSL identity not properly protected from applications. advisory WLS 8.1 SP5

2006/1/23 BEA06-117.00 Using a connection filter can cause the server to slow down advisory WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)

2006/1/23 BEA06-116.00 Non-active security provider appears active. advisory WLS 9.0

2006/1/23 BEA06-115.00 A patch is available to enforce access to only specific resources. advisory WLP 8.1 SP3, SP4, SP5

2006/1/23 BEA06-114.00 Application code installed on a server may be able to decrypt passwords advisory WLS 9.0,WLS 8.1 (-SP5)

2006/1/23 BEA06-113.00 Changed passwords may show up in audit log advisory WLS 8.1 (-SP4)

2006/1/23 BEA06-112.00 An application's deployment descriptor source is visible. advisory WLP 8.1 (-SP4)

2006/1/23 BEA06-111.00 The server log may be remotely viewable. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)

2006/1/23 BEA06-110.00 Cleartext database password in the config.xml file. advisory WLP 8.1 (-SP3)

2006/1/23 BEA06-109.00 Multiple MBean vulnerabilities. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)

2006/1/23 BEA06-108.00 Documentation is available describing securing multiple-domains managed from one instance of the WebLogic Server Administration Console. advisory WLS 7.0,WLS 6.1

2006/1/23 BEA06-106.01 Requests for a servlet doing relative forwarding may result in a Denial-of-Service (DOS) attack. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6)

2006/1/23 BEA06-81.01 Anonymous binds to the embedded LDAP server are allowed. advisory WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)

てか、勝手にアドバイザリー過去日付で追加するのやめれ！＞BEA

Date Number Title Type Products Affected

2003/11/11 BEA03-43.00 Workaround available to prevent Mbean exposure advisory WLS 8.1 (-SP1),WLS 7.0 (-SP4),WLS 6.1 (-SP5)

Date	Number	Title	Type	Products Affected
2006/1/23	BEA06-119.00	Console applies incorrect JNDI policies.	advisory	WLS 9.0
2006/1/23	BEA06-118.00	Server's SSL identity not properly protected from applications.	advisory	WLS 8.1 SP5
2006/1/23	BEA06-117.00	Using a connection filter can cause the server to slow down	advisory	WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)
2006/1/23	BEA06-116.00	Non-active security provider appears active.	advisory	WLS 9.0
2006/1/23	BEA06-115.00	A patch is available to enforce access to only specific resources.	advisory	WLP 8.1 SP3, SP4, SP5
2006/1/23	BEA06-114.00	Application code installed on a server may be able to decrypt passwords	advisory	WLS 9.0,WLS 8.1 (-SP5)
2006/1/23	BEA06-113.00	Changed passwords may show up in audit log	advisory	WLS 8.1 (-SP4)
2006/1/23	BEA06-112.00	An application's deployment descriptor source is visible.	advisory	WLP 8.1 (-SP4)
2006/1/23	BEA06-111.00	The server log may be remotely viewable.	advisory	WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)
2006/1/23	BEA06-110.00	Cleartext database password in the config.xml file.	advisory	WLP 8.1 (-SP3)
2006/1/23	BEA06-109.00	Multiple MBean vulnerabilities.	advisory	WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)
2006/1/23	BEA06-108.00	Documentation is available describing securing multiple-domains managed from one instance of the WebLogic Server Administration Console.	advisory	WLS 7.0,WLS 6.1
2006/1/23	BEA06-106.01	Requests for a servlet doing relative forwarding may result in a Denial-of-Service (DOS) attack.	advisory	WLS 8.1 (-SP4),WLS 7.0 (-SP6)
2006/1/23	BEA06-81.01	Anonymous binds to the embedded LDAP server are allowed.	advisory	WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)