BEA Systems WebLogic Web Application authentication bypass
by Nikola Strahija on March 25th, 2003

Under certain circumstances, the web application component of BEA WebLogic is vulnerable to authentication bypass.
When a web application component that implements session persistence is redeployed without a server reboot, an authenticated user session can, in some cases, be reused by any user for a variable period of time without requiring valid credentials.
This vulnerability may be exploited to gain access to the WebLogic server without prior authentication.
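The risk the advisory describes is that persisted sessions outlive the deployment that created them. The following is an added illustration, not BEA or WebLogic code: a constructed in-memory stand-in for a persistent session store, showing the unsafe lookup that honours any surviving session next to a hardened lookup that stamps each session with a deployment generation and rejects sessions minted before the last redeploy. The class, method names and the generation-counter scheme are assumptions made for the example.

```python
"""Added illustration (not WebLogic code): persisted sessions that survive a
redeploy, and a check that refuses to honour them afterwards."""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float
    deploy_generation: int  # which deployment of the web app minted this session


class PersistentSessionStore:
    """Constructed stand-in for a persistent session store.

    Sessions are kept across redeploy(), mirroring the advisory's scenario.
    `generation` counts redeploys; the hardened lookup rejects sessions
    created under an earlier generation.
    """

    def __init__(self):
        self._sessions = {}
        self.generation = 0

    def login(self, user):
        # Mint an unguessable session id and persist the session record.
        sid = secrets.token_hex(16)
        self._sessions[sid] = Session(user, time.time(), self.generation)
        return sid

    def redeploy(self):
        # A redeploy without a server reboot: persisted sessions stay in the
        # store untouched; only the generation counter advances.
        self.generation += 1

    def lookup_unsafe(self, sid):
        # Risky pattern: any persisted session is accepted, no matter which
        # deployment created it, so stale sessions remain usable.
        s = self._sessions.get(sid)
        return s.user if s else None

    def lookup_hardened(self, sid):
        # Mitigation: a session from a previous deployment generation is
        # discarded, forcing the client to authenticate again.
        s = self._sessions.get(sid)
        if s is None or s.deploy_generation != self.generation:
            self._sessions.pop(sid, None)
            return None
        return s.user


if __name__ == "__main__":
    store = PersistentSessionStore()
    sid = store.login("alice")
    store.redeploy()
    print("unsafe lookup after redeploy:", store.lookup_unsafe(sid))
    print("hardened lookup after redeploy:", store.lookup_hardened(sid))
```

The hardened lookup trades a forced re-login after every redeploy for the guarantee that no session from the old deployment is reused; the generation stamp is one simple way to make that boundary explicit in the session record itself.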
Vulnerable:
BEA Systems WebLogic Server 7.0.0.1 SP1
BEA Systems WebLogic Server 7.0.0.1
BEA Systems WebLogic Server 7.0 SP1
BEA Systems WebLogic Server 7.0
BEA Systems WebLogic Server for Win32 7.0.0.1 SP1
BEA Systems WebLogic Server for Win32 7.0.0.1
BEA Systems WebLogic Server for Win32 7.0 SP1
BEA Systems WebLogic Server for Win32 7.0
Not vulnerable:
BEA Systems WebLogic Server 7.0.0.1 SP2
BEA Systems WebLogic Server 7.0 SP2
Solution:
Fixes and updates are available:
BEA Systems Upgrade WebLogic Server 7.0.0.1 SP2
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
BEA Systems Upgrade WebLogic Server 7.0 SP2
http://commerce.beasys.com/downloads/weblogic_server.jsp#wls
Sources:
BEA advisory:
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp