Dev2Dev Online: Security Advisories and Notifications

BEA has issued a set of Security Advisories.

| Date | Number | Title | Type | Threat* | Severity** | CVSS Rating*** | Products Affected**** |
|---|---|---|---|---|---|---|---|
| 2008/2/19 | BEA08-183.00 | Security policies on a WebLogic Portal Page can inadvertently be lost by an administrator performing certain editing operations on that page | advisory | Low | Medium | 2.1 (Low) | WLP 8.1 (SP3-SP6) |
| 2008/2/19 | BEA08-184.00 | An entitlement on an instance of a floatable portlet can be bypassed | advisory | Low | Medium | 4.3 (Medium) | WLP 8.1 (-SP6) |
| 2008/2/19 | BEA08-185.00 | Cross-site scripting (XSS) vulnerabilities in Web applications using WebLogic Workshop NetUI page flows | advisory | High | High | 7.6 (High) | WLW 8.1 (-SP5) |
| 2008/2/19 | BEA08-186.00 | BEA Plumtree Portal cross site scripting (XSS) vulnerability | advisory | Medium | Medium | 5 (Medium) | BEA AquaLogic Interaction 6.1 (-MP1); BEA Plumtree Foundation 6.0 (-SP1) |
| 2008/2/19 | BEA08-187.00 | Web Service WSDL and policy is exposed to unauthenticated HTTP clients | advisory | Medium | Low | 2.6 (Low) | WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-188.00 | JavaScript can be injected into the WLP Groupspace application and can allow for an XSS exploit | advisory | Medium | Medium | 4.0 (Low) | WLP 10.0; WLP 9.2 (-MP1) |
| 2008/2/19 | BEA08-110.01 | Cleartext database password in the config.xml file | advisory | Low | Medium | | WLP 8.1 (-SP3); WLP 7.0 (SP4 - SP7) |
| 2008/2/19 | BEA08-189.00 | Cross-site scripting (XSS) vulnerabilities in Web applications using either WebLogic Workshop NetUI or Apache Beehive NetUI page flows | advisory | High | High | 6.8 (Medium) | WLW 10.0; WLW 9.2 (-MP1); WLW 9.1; WLW 9.0; WLW 8.1 (-SP6) |
| 2008/2/19 | BEA08-190.00 | A WebLogic Portal Administration Console session can inadvertently redirect from https port to an http port | advisory | Medium | High | 8.8 (High) | WLP 10.0; WLP 9.2 (-MP2) |
| 2008/2/19 | BEA08-191.00 | Tampering HTML request headers could lead to an elevation of privileges | advisory | High | Medium | 6.4 (Medium) | WLS 10.0; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-192.00 | When content portlets are deleted from one of the portal’s pages, all entitlements are removed for the application | advisory | Low | Medium | 3.6 (Low) | WLP 10.0; WLP 9.2 (-MP1) |
| 2008/2/19 | BEA08-193.00 | Non-authorized user may be able to receive messages from a secured JMS Topic destination | advisory | Medium | High | 8.3 (High) | WLS 10; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-194.00 | A non-authorized user may be able to send messages to a protected distributed queue | advisory | Medium | High | 8.3 (High) | WLS 10; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-195.00 | Cross-site scripting vulnerability in Console’s Unexpected Exception Page | advisory | Medium | High | 6.1 (Medium) | WLS 10.0; WLS 9.2 (-MP1); WLS 9.1; WLS 9.0 |
| 2008/2/19 | BEA08-196.00 | A session fixation exploit could result in elevated privileges | advisory | Low | High | 6.8 (High) | WLS 10.0; WLS 9.2 (-MP1); WLS 8.1 (SP4 - SP6) |
| 2008/2/19 | BEA08-197.00 | Account lockout can be bypassed, exposing the account to a brute-force password attack | advisory | Medium | Medium | 6.8 (Medium) | WLS 10.0 (-MP1); WLS 9.2 (-MP2); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7) |
| 2008/2/19 | BEA08-198.00 | Multiple Security Vulnerabilities in Java Web Start and the Java Plug-in for browsers | advisory | Low | Medium | 2.4 (Low) | BEA JRockit R24: JRockit R24.3-1.4.2_04 to R24.5-1.4.2_08; BEA JRockit R25: JRockit R25.0-1.5.0 to R25.2-1.5.0_03 |
| 2008/2/19 | BEA08-80.04 | Patches available to prevent multiple cross-site scripting (XSS) vulnerabilities | advisory | High | High | | WLS 10.0 (-MP1); WLS 9.2 (-MP2); WLS 9.1; WLS 9.0; WLS 8.1 (-SP6); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-159.01 | Requests served through WebLogic proxy servlets may acquire elevated privileges | advisory | Medium | High | 5.6 (Medium) | WLS 9.1; WLS 9.0; WLS 8.1 (-SP5); WLS 7.0 (-SP7); WLS 6.1 (-SP7) |
| 2008/2/19 | BEA08-199.00 | A carefully constructed URL may cause the Sun, IIS or Apache web-server to crash | advisory | High | High | 5.0 (Medium) | Plug-ins dated prior to November 2007 |
| 2008/2/19 | BEA08-200.00 | Server files can be accessed by a remote user | advisory | High | High | 7.8 (High) | BEA AquaLogic Collaboration 4.2; BEA Plumtree Collaboration 4.1 |
