en-UShttp://dev2dev.bea.com/advisoriesnotifications/Recent BEA security advisories.Copyright BEA Systems, Inc.http://dev2dev.bea.com/advisoriesnotifications/2008-08-25T12:15:06ZMon, 25 Aug 2008 12:15:06 GMTBEA's Dev2Devno BEA's Security Advisories secalert@bea.com http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612450/2800.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2800.html Security Vulnerability in the Java Runtime Environment Scripting Language Support may allow information disclosure BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2800.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612451/2799.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2799.html Security Vulnerability in the Java Runtime Environment Scripting Language Support may allow elevation of privileges BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2799.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612452/2798.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2798.html A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2798.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612453/2797.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2797.html Security Vulnerability in the Java Runtime Environment related to the processing of XML Data may result in information disclosure BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2797.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612454/2796.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2796.html Security Vulnerability in the Java Runtime Environment related to the processing of XML Data may result in information disclosure or denial of service BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2796.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612455/2795.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2795.html Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2795.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/374612456/2794.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2794.html Security Vulnerability in Java Management Extensions (JMX) BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2794.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/352363418/3257.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/3257.html Security vulnerability in WebLogic plug-in for Apache BEA's Dev2DevBEA's Dev2Dev2008-07-28T20:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-28T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/3257.html http://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471890/2782.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2782.html Information Disclosure vulnerability in the ForeignJMS component BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2782.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471891/2790.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2790.html Elevation of privilege vulnerability in the Console/WLST BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z30falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2790.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471892/2789.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2789.html Information Disclosure vulnerability in the WebLogic console or server log BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z29falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2789.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471893/2785.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2785.html Information disclosure vulnerability in WebLogic plug-ins for Apache, Sun and IIS Web servers BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z28falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2785.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471894/2786.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2786.html Information disclosure in JSP pages BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z27falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2786.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471896/2791.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2791.html Elevation of privilege vulnerabilities in the UDDI Explorer BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z26falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2791.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471897/2792.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2792.html Denial-of-Service vulnerability in WebLogic Server BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z25falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2792.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471899/277.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/277.html Multiple Security Vulnerabilities in the Java Runtime Environment BEA's Dev2DevBEA's Dev2Dev2008-04-16T19:15:08Z24truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/277.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471900/264.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/264.html A WebLogic Portal Administration Console session can inadvertently redirect from https port to an http port BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z23truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/264.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471901/265.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/265.html Tampering HTML request headers could lead to an elevation of privileges BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z22truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/265.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471903/266.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/266.html When content portlets are deleted from one of the portal?s pages, all entitlements are removed for the application BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z21truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/266.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471904/267.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/267.html Non-authorized user may be able to receive messages from a secured JMS Topic destination BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z20truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/267.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471905/268.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/268.html A non-authorized user may be able to send messages to a protected distributed queue BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z19truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/268.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471913/269.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/269.html Cross-site scripting vulnerability in Console?s Unexpected Exception Page BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z18truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/269.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471914/270.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/270.html A session fixation exploit could result in elevated privileges BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z17truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/270.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471915/256.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/256.html Security policies on a WebLogic Portal Page can inadvertently be lost by an administrator performing certain editing operations on that page BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z16truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/256.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471917/257.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/257.html An entitlement on an instance of a floatable portlet can be bypassed BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z15truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/257.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471918/258.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/258.html Cross-site scripting (XSS) vulnerabilities in Web applications using WebLogic Workshop NetUI page flows BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z14truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/258.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471925/259.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/259.html BEA Plumtree Portal cross site scripting (XSS) vulnerability BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z13truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/259.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471927/260.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/260.html Web Service WSDL and policy is exposed to unauthenticated HTTP clients BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z12truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/260.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471931/261.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/261.html JavaScript can be injected into the WLP Groupspace application and can allow for an XSS exploit BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z11truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/261.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471932/262.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/262.html Cleartext database password in the config.xml file BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z10truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/262.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471933/263.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/263.html Cross-site scripting (XSS) vulnerabilities in Web applications using either WebLogic Workshop NetUI or Apache Beehive NetUI page flows BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z9truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/263.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471934/255.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/255.html Application files and resources may be remotely accessed BEA's Dev2DevBEA's Dev2Dev2007-12-12T19:15:10Z8truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/255.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471935/254.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/254.html BEA Plumtree Foundation search facility allows an unauthenticated guest user to search for user objects BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z7truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/254.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471936/252.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/252.html BEA Plumtree Foundation full version vulnerability BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z6truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/252.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471937/251.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/251.html BEA Plumtree Foundation internal hostname disclosure vulnerability BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z5truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/251.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471938/247.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/247.html Malformed headers may cause high disk consumption BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z4truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/247.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471939/246.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/246.html A malicious client can cause threads to hang on the server. BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z3truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/246.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471940/244.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/244.html SSL clients may not find all possible cipher suites resulting in use of the default null cipher (no encryption) BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z2truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/244.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471941/245.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/245.html Server may select a cipher suite that uses a null cipher for SSL communication with SSL clients BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z1truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/245.htmlhttp://feeds.feedburner.com/~r/beasecurityadvisories/~3/351471942/248.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/248.html Multiple Security Vulnerabilities in the Java Runtime Environment BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z0truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/248.html