[ERPSCAN-14-022] Oracle Weblogic Application Server – Authorization bypass

Application: Oracle Weblogic Application Server
Versions Affected: WebLogic Server 10.3.6.0/10.3.1.0, maybe others
Vendor URL: http://www.oracle.com
Bugs: Authorization bypass
Exploits: YES
Reported: 11.06.2014
Vendor response: 12.06.2014
Date of Public Advisory: 17.10.2014
Reference: Oracle CPU October 2014
Author: Alexey Tyurin (ERPScan)

VULNERABILITY INFORMATION
Class: [CWE-425]
Impact: Partial Authorization bypass (Directory listing, RCE for Windows OS)
Remotely Exploitable: Yes
Locally Exploitable: No

Description
A remote attacker can conduct an Authorization Bypass attack against Oracle Weblogic Application Server and gain full control.

Business Risk
The vulnerability can lead to disclosure of information on the system without authentication and can help an attacker penetrate the system. An attacker can use the information obtained from this service for subsequent attacks, leading to illegal access to business-critical information.

VULNERABLE PACKAGES
WebLogic Server 10.3.6.0/10.3.1.0
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
Apply the vendor patch, or set strong passwords for WebLogic accounts.

TECHNICAL DESCRIPTION
Proof of Concept

Directory listing
http://weblogic_server/console/console.portal?_nfpb=true&_pageLabel=AppApplicationInstallPage
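An added detection example, not from the advisory or from ERPScan: it parses access log lines in Common Log Format (a constructed sample and an assumed log format, not real WebLogic output) and flags every request for the console page label shown above, so a defender can spot access to the application install page by clients that never authenticated.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log in Common Log Format (assumed format, not real WebLogic output).
SAMPLE_LOG = """\
203.0.113.5 - - [17/Oct/2014:10:01:12 +0000] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 1532
203.0.113.5 - - [17/Oct/2014:10:01:20 +0000] "GET /console/console.portal?_nfpb=true&_pageLabel=AppApplicationInstallPage HTTP/1.1" 200 8891
198.51.100.7 - admin [17/Oct/2014:10:02:03 +0000] "GET /console/console.portal?_nfpb=true&_pageLabel=HomePage1 HTTP/1.1" 200 4410
203.0.113.5 - - [17/Oct/2014:10:02:30 +0000] "POST /console/console.portal?_nfpb=true&_pageLabel=AppApplicationInstallPage HTTP/1.1" 302 0
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Path and page label from the advisory's proof of concept.
SUSPECT_PATH = "/console/console.portal"
SUSPECT_LABEL = "AppApplicationInstallPage"


def parse_clf(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    match = CLF_RE.match(line)
    return match.groupdict() if match else None


def is_install_page_request(entry):
    """True when the request targets the console portal with the install-page label."""
    parts = urlsplit(entry["target"])
    if parts.path != SUSPECT_PATH:
        return False
    labels = parse_qs(parts.query).get("_pageLabel", [])
    return SUSPECT_LABEL in labels


def find_suspect_requests(log_text):
    """Return every parsed entry that requests the application install page."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_clf(line)
        if entry and is_install_page_request(entry):
            # The CLF remote-user field is only set for HTTP-authenticated requests,
            # so "-" is a weak (not conclusive) sign that no identity was presented.
            entry["no_remote_user"] = entry["user"] == "-"
            hits.append(entry)
    return hits
```

Correlate the flagged entries with the console's own login records before treating a hit as a bypass, since form-based console logins do not populate the remote-user field.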

Reference (Oracle CPU October 2014): http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html