Oracle Fusion Middleware


Date Number Title Type Products Affected
2006/1/23 BEA06-119.00 Console applies incorrect JNDI policies. advisory WLS 9.0
2006/1/23 BEA06-118.00 Server's SSL identity not properly protected from applications. advisory WLS 8.1 SP5
2006/1/23 BEA06-117.00 Using a connection filter can cause the server to slow down advisory WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)
2006/1/23 BEA06-116.00 Non-active security provider appears active. advisory WLS 9.0
2006/1/23 BEA06-115.00 A patch is available to enforce access to only specific resources. advisory WLP 8.1 SP3, SP4, SP5
2006/1/23 BEA06-114.00 Application code installed on a server may be able to decrypt passwords advisory WLS 9.0,WLS 8.1 (-SP5)
2006/1/23 BEA06-113.00 Changed passwords may show up in audit log advisory WLS 8.1 (-SP4)
2006/1/23 BEA06-112.00 An application's deployment descriptor source is visible. advisory WLP 8.1 (-SP4)
2006/1/23 BEA06-111.00 The server log may be remotely viewable. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)
2006/1/23 BEA06-110.00 Cleartext database password in the config.xml file. advisory WLP 8.1 (-SP3)
2006/1/23 BEA06-109.00 Multiple MBean vulnerabilities. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6),WLS 6.1 (-SP7)
2006/1/23 BEA06-108.00 Documentation is available describing securing multiple-domains managed from one instance of the WebLogic Server Administration Console. advisory WLS 7.0,WLS 6.1
2006/1/23 BEA06-106.01 Requests for a servlet doing relative forwarding may result in a Denial-of-Service (DOS) attack. advisory WLS 8.1 (-SP4),WLS 7.0 (-SP6)
2006/1/23 BEA06-81.01 Anonymous binds to the embedded LDAP server are allowed. advisory WLS 9.0,WLS 8.1 (-SP5),WLS 7.0 (-SP6)


Date Number Title Type Products Affected
2003/11/11 BEA03-43.00 Workaround available to prevent Mbean exposure advisory WLS 8.1 (-SP1),WLS 7.0 (-SP4),WLS 6.1 (-SP5)