
WebLogic Internal Management Servlet Authentication Bypass



The remote host is affected by a flaw that allows authentication to be bypassed.


The remote web server is running an unpatched version of WebLogic. This version includes an internal management servlet that does not properly check user credentials and can be accessed from the outside, allowing an attacker to change users' passwords or even to upload or download any file on the remote server.


Apply SP2 rolling patch 3 on WebLogic 6.0, Service Pack 4 on WebLogic 6.1, and SP2 on WebLogic 7.0.