WebLogic SSL Certificate Chain User Spoofing

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to an impersonation attack.

Description :

The remote web server is running WebLogic.

There is a bug in this version that could allow an attacker to perform
a man-in-the-middle attack against the remote server by supplying a
self-signed certificate.

An attacker with a legitimate certificate could use this flaw to
impersonate any other user on the remote server.

See also :

http://www.thoughtcrime.org/ie-ssl-chain.txt

Solution :

Upgrade to listed versions or higher, as it has been reported to fix
this vulnerability. Upgrades and/or patches are required as there are
no known workarounds.

WebLogic Server and Express 7.0 or 7.0.0.1:
- Apply Service Pack 2.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 7.0
Service Pack 2 version of the Plugin.

WebLogic Server and Express 6.1:
- Apply Service Pack 5.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 6.1
Service Pack 5 version of the Plugin.

WebLogic Server and Express 5.1:
- Apply Service Pack 13.
- Apply CR090101_src510 patch.

WebLogic Enterprise 5.1:
- Apply Rolling Patch 145 or later.

WebLogic Enterprise 5.0:
- Apply Rolling Patch 59 or later.

WebLogic Tuxedo 8.1:
- Apply Rolling Patch 12 or later.

WebLogic Tuxedo 8.0:
- Apply Rolling Patch 166 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Family: Web Servers

Nessus Plugin ID: 11628 ()

Bugtraq ID:

CVE ID: