[SAC] Re: [OSGeo] #79: possible SVN corruption in MapGuide vault?
OSGeo
trac_osgeo at osgeo.org
Mon Mar 19 20:55:04 EDT 2007
#79: possible SVN corruption in MapGuide vault?
-----------------------------+----------------------------------------------
Reporter: waltweltonlair | Owner: sac at lists.osgeo.org
Type: task | Status: reopened
Priority: major | Component: SAC
Resolution: | Keywords:
-----------------------------+----------------------------------------------
Changes (by waltweltonlair):
* status: closed => reopened
* resolution: fixed =>
Comment:
''I just heard back from Autodesk IT, and according to them the correct
method to resolve this issue would be to apply the required patch to the
web server. See the following info...''
[[BR]]
!WebLogic redirect request plug-in buffer overflow can be used to gain
root (HTTP_WebLogic_PluginBO)
'''Vulnerability description'''
BEA !WebLogic Server and !WebLogic Express versions 5.1.0 and 4.5.x are
vulnerable to a buffer overflow in the plugin that allows other Web
servers to redirect requests to the !WebLogic server. By requesting a Java
Server Page (.JSP file) from the BEA !WebLogic server with a URL
containing 2048 characters or more, a remote attacker can overflow a
buffer and crash the Web server or execute arbitrary code on the system.
An attacker may be able to use this to gain root level privileges in Unix
or SYSTEM privileges in Windows NT.
'''How to remove this vulnerability'''
Apply the proxy plug-in patch, as listed in BEA Systems, Inc. Security
Advisory BEA00-05.01. See References.
'''References'''
'''BEA Systems, Inc. Security Advisory BEA00-05.01'''
[[BR]]Patch Available for Buffer Overflow in BEA !WebLogic Server Proxy
Plug-In
[[BR]]http://dev2dev.bea.com/pub/advisory/40
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/79#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
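
The advisory text quoted in this ticket gives a concrete trigger: a request for a .JSP file with a URL of 2048 characters or more. The following is an added example, not part of the original message or the advisory, showing one way to check web server access logs for such requests; the Common Log Format layout, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Threshold and file type are taken from the vulnerability description above.
MAX_URL_LEN = 2048

# Assumption: access log in Common/Combined Log Format:
#   client ident user [timestamp] "METHOD URL PROTOCOL" status bytes
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)(?: HTTP/[\d.]+)?" (\d{3})'
)

def find_oversized_jsp_requests(lines, limit=MAX_URL_LEN):
    """Return (client, timestamp, url_length, status) for every .jsp request
    whose URL is `limit` characters or longer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        client, timestamp, _method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()  # ignore the query string for the type check
        if ".jsp" in path and len(url) >= limit:
            hits.append((client, timestamp, len(url), int(status)))
    return hits

# Constructed sample lines (documentation IP addresses, padded with filler):
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Mar/2007:20:40:01 -0400] "GET /app/index.jsp HTTP/1.0" 200 5120',
    '192.0.2.77 - - [19/Mar/2007:20:41:13 -0400] "GET /app/index.jsp?x='
    + "A" * 2100 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - - [19/Mar/2007:20:42:00 -0400] "GET /img/'
    + "b" * 2100 + '.png HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, timestamp, length, status in find_oversized_jsp_requests(SAMPLE_LOG):
        print(f"{timestamp} {client} url_len={length} status={status}")
```

A hit with a 5xx status or followed by a gap in the log is worth correlating with web server crash or restart records for the same time.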