Network Security News – Monday, October 24, 2005 Events
Linux Kernel IPv6 udp_v6_get_port() Function Local DoS
Linux contains a flaw that may allow a local denial of service. The issue is due to an infinite loop error in the "udp_v6_get_port()" function in "net/ipv6/udp.c", and will result in loss of availability. Read more at osvdb.org/20163
BEA WebLogic One-way SSL Session Encryption Failure
BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure. The problem is triggered when a client logs in by using one-way SSL without specifying the user, which results in unprotected network traffic. Read more at osvdb.org/20094
BEA WebLogic Unspecified Thread Hang DoS
BEA WebLogic contains a flaw that may allow a remote attacker to cause unspecified server threads to hang. No further details have been provided. Read more at osvdb.org/20092
BEA WebLogic WebApp/EJB run-as Security Role Privilege Escalation
BEA WebLogic contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an error in the deployment of Web applications and EJBs, which may allow a remote authenticated attacker to change privileges in a Web application or EJB from the Deployer security role to the Admin security role by exploiting the run-as deployment descriptor element, resulting in a loss of integrity. Read more at osvdb.org/20096
BEA WebLogic Internal IP Address Disclosure
BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure. The problem is that internal IP addresses of machines behind a firewall can be disclosed by a remote attacker via NAT, resulting in a loss of confidentiality. Read more at osvdb.org/20097
BEA WebLogic Invalid Login Attempt Threshold Bypass
BEA WebLogic contains a flaw that may allow a remote attacker to bypass authentication settings. The problem is that the application does not restrict invalid login attempts, which may allow a remote attacker to conduct a brute-force attack against a username and gain unauthorized access, resulting in a loss of integrity. Read more at osvdb.org/20113
BEA WebLogic Multiple Unspecified XSS
BEA WebLogic contains multiple unspecified flaws that allow a remote cross-site scripting attack. No further details have been provided. Read more at osvdb.org/20093
BEA WebLogic -D Switch Server Log Cleartext Credential Disclosure
BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when system properties are supplied on the Java command line by using the -D switch when booting the server, which may allow a remote attacker with read access to the server log to disclose sensitive information, resulting in a loss of confidentiality. Read more at osvdb.org/20105
BEA WebLogic Consecutive Non-SSL T3 Connection Encryption Failure
BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure. The problem is that if a Java client application creates an insecure and a secure SSL connection to the same server, then the first non-SSL connection will be used, which will disclose sensitive information, resulting in a loss of confidentiality. Read more at osvdb.org/20095
BEA WebLogic Failed Login Administrator Account Lockout DoS
BEA WebLogic contains a flaw that may allow a remote denial of service. The issue is triggered when a certain number of invalid login attempts are made, which may allow a remote attacker who knows the name of the administrative user to lock out that user. Note: this does not affect administrative users who are already logged in. Read more at osvdb.org/20108
Vuln: FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities. Read more at securityfocus.com/bid/15172