Vigil@nce: WebLogic Server, several vulnerabilities of July 2008
July 2008 by Vigil@nce
Several vulnerabilities are corrected by the CPU of July 2008.
– Gravity: 3/4
– Consequences: user access/rights, data reading, data
creation/edition, data deletion, denial of service of service
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 16/07/2008
– Identifier: VIGILANCE-VUL-7951
IMPACTED PRODUCTS
Oracle WebLogic Server [confidential versions]
DESCRIPTION
The CPU (Critical Patch Update) of July 2008 corrects several
vulnerabilities of Oracle WebLogic Server. Oracle’s announce
contains a detailed table, summarized below.
An attacker (via HTTP and not authenticated) can obtain
information, alter information or create a denial of service via a
vulnerability of the plugin for Apache, Sun web and IIS.
[grav:3/4; CVE-2008-2579]
An attacker (via HTTP and not authenticated) can obtain
information, alter information or create a denial of service.
[grav:3/4; CVE-2008-2581]
An attacker (via HTTP and not authenticated) can create a denial
of service. [grav:2/4; CVE-2008-2582]
An attacker (via HTTP and authenticated) can obtain information,
alter information or create a denial of service. [grav:2/4;
CVE-2008-2577]
An attacker (local and authenticated) can obtain information,
alter information or create a denial of service. [grav:2/4;
CVE-2008-2578]
An attacker (local and authenticated) can obtain information,
alter information or create a denial of service. [grav:2/4;
CVE-2008-2576]
An attacker (via HTTP and not authenticated) can obtain
information. [grav:1/4; CVE-2008-2580]
CHARACTERISTICS
– Identifiers: CVE-2008-2576, CVE-2008-2577, CVE-2008-2578,
CVE-2008-2579, CVE-2008-2580, CVE-2008-2581, CVE-2008-2582,
VIGILANCE-VUL-7951
– Url: https://vigilance.aql.fr/tree/1/7951