[SAC] Re: [OSGeo] #79: possible SVN corruption in MapGuide vault?

OSGeo trac_osgeo at osgeo.org
Mon Mar 19 20:55:04 EDT 2007

#79: possible SVN corruption in MapGuide vault?
  Reporter:  waltweltonlair  |       Owner:  sac at lists.osgeo.org
      Type:  task            |      Status:  reopened           
  Priority:  major           |   Component:  SAC                
Resolution:                  |    Keywords:                     
Changes (by waltweltonlair):

  * status:  closed => reopened
  * resolution:  fixed =>


 ''I just heard back from Autodesk IT, and according to them the correct
 method to resolve this issue would be to apply the required patch to the
 web server. See the following info...''


 !WebLogic redirect request plug-in buffer overflow can be used to gain
 root (HTTP_WebLogic_PluginBO)

 '''Vulnerability description'''

 BEA !WebLogic Server and !WebLogic Express versions 5.1.0 and 4.5.x are
 vulnerable to a buffer overflow in the plugin that allows other Web
 servers to redirect requests to the !WebLogic server. By requesting a Java
 Server Page (.JSP file) from the BEA !WebLogic server with a URL
 containing 2048 characters or more, a remote attacker can overflow a
 buffer and crash the Web server or execute arbitrary code on the system.
 An attacker may be able to use this to gain root level privileges in Unix
 or SYSTEM privileges in Windows NT.

 '''How to remove this vulnerability'''

 Apply the proxy plug-in patch, as listed in BEA Systems, Inc. Security
 Advisory BEA00-05.01. See References.


 '''BEA Systems, Inc. Security Advisory BEA00-05.01'''
 [[BR]]Patch Available for Buffer Overflow in BEA !WebLogic Server Proxy

Ticket URL: <http://trac.osgeo.org/osgeo/ticket/79#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.

More information about the Sac mailing list