Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Oracle WebLogic Server Security Alert - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Oracle WebLogic Server Security Alert

Oracle issued a Security Alert that address a vulnerability in the Node Manager component of Oracle WebLogic Server (CVE-2010-0073).

According to Oracle, "This vulnerability may be remotely exploitable without authentication. A knowledgeable and malicious remote user can exploit this vulnerability which can result in impacting the availability, integrity and confidentiality of the targeted system." Oracle strongly recommends testing and apply this fix as soon as possible. Additional information is available here.

The list of affected product:

Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2)
Oracle WebLogic Server 10gR3 release (10.3.0)
Oracle WebLogic Server 10.0 through MP2
Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
Oracle WebLogic Server 8.1 through SP6
Oracle WebLogic Server 7.0 through SP7

-----------

 Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Guy

414 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!