en-UShttp://dev2dev.bea.com/advisoriesnotifications/Recent BEA security advisories.Copyright BEA Systems, Inc.http://dev2dev.bea.com/advisoriesnotifications/2008-08-25T12:15:06ZMon, 25 Aug 2008 12:15:06 GMTBEA's Dev2Devno BEA's Security Advisories secalert@bea.com https://support.bea.com/application_content/product_portlets/securityadvisories/2808.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2808.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2009-01-13T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2009-01-13T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2811.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2811.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2009-01-13T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2009-01-13T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2810.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2810.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2009-01-13T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2009-01-13T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2807.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2807.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2009-01-13T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2009-01-13T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2809.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2809.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2009-01-13T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2009-01-13T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2801.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2801.html Protected webapps may be displayed under certain conditions BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2805.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2805.html Elevation of privilege vulnerability in some NetUI pageflows BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2804.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2804.html Elevation of privileges for some applications BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2803.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2803.html Elevation of privilege vulnerability in some NetUI tags BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2802.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2802.html Elevation of Privilege vulnerability if more than one authorizer is used BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2806.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2806.html Security vulnerability in WebLogic plug-in for Apache BEA's Dev2DevBEA's Dev2Dev2008-10-14T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-10-14T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2800.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2800.html Security Vulnerability in the Java Runtime Environment Scripting Language Support may allow information disclosure BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2799.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2799.html Security Vulnerability in the Java Runtime Environment Scripting Language Support may allow elevation of privileges BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2798.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2798.html A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2797.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2797.html Security Vulnerability in the Java Runtime Environment related to the processing of XML Data may result in information disclosure BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2796.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2796.html Security Vulnerability in the Java Runtime Environment related to the processing of XML Data may result in information disclosure or denial of service BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2795.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2795.html Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2794.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2794.html Security Vulnerability in Java Management Extensions (JMX) BEA's Dev2DevBEA's Dev2Dev2008-08-25T12:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-08-25T12:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/3257.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/3257.html Security vulnerability in WebLogic plug-in for Apache BEA's Dev2DevBEA's Dev2Dev2008-07-28T20:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-28T19:51:28.170Z https://support.bea.com/application_content/product_portlets/securityadvisories/2782.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2782.html Information Disclosure vulnerability in the ForeignJMS component BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z31falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2790.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2790.html Elevation of privilege vulnerability in the Console/WLST BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z30falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2789.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2789.html Information Disclosure vulnerability in the WebLogic console or server log BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z29falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2785.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2785.html Information disclosure vulnerability in WebLogic plug-ins for Apache, Sun and IIS Web servers BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z28falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2786.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2786.html Information disclosure in JSP pages BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z27falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2791.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2791.html Elevation of privilege vulnerabilities in the UDDI Explorer BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z26falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/2792.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/2792.html Denial-of-Service vulnerability in WebLogic Server BEA's Dev2DevBEA's Dev2Dev2008-07-15T20:15:06Z25falsehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-15T19:51:28.170Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/277.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/277.html Multiple Security Vulnerabilities in the Java Runtime Environment BEA's Dev2DevBEA's Dev2Dev2008-04-16T19:15:08Z24truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/264.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/264.html A WebLogic Portal Administration Console session can inadvertently redirect from https port to an http port BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z23truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/265.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/265.html Tampering HTML request headers could lead to an elevation of privileges BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z22truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/266.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/266.html When content portlets are deleted from one of the portal?s pages, all entitlements are removed for the application BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z21truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/267.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/267.html Non-authorized user may be able to receive messages from a secured JMS Topic destination BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z20truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/268.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/268.html A non-authorized user may be able to send messages to a protected distributed queue BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z19truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/269.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/269.html Cross-site scripting vulnerability in Console?s Unexpected Exception Page BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z18truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/270.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/270.html A session fixation exploit could result in elevated privileges BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z17truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/256.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/256.html Security policies on a WebLogic Portal Page can inadvertently be lost by an administrator performing certain editing operations on that page BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z16truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/257.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/257.html An entitlement on an instance of a floatable portlet can be bypassed BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z15truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/258.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/258.html Cross-site scripting (XSS) vulnerabilities in Web applications using WebLogic Workshop NetUI page flows BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z14truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/259.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/259.html BEA Plumtree Portal cross site scripting (XSS) vulnerability BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z13truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/260.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/260.html Web Service WSDL and policy is exposed to unauthenticated HTTP clients BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z12truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/261.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/261.html JavaScript can be injected into the WLP Groupspace application and can allow for an XSS exploit BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z11truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/262.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/262.html Cleartext database password in the config.xml file BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z10truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/263.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/263.html Cross-site scripting (XSS) vulnerabilities in Web applications using either WebLogic Workshop NetUI or Apache Beehive NetUI page flows BEA's Dev2DevBEA's Dev2Dev2008-02-19T19:45:07Z9truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/255.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/255.html Application files and resources may be remotely accessed BEA's Dev2DevBEA's Dev2Dev2007-12-12T19:15:10Z8truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/254.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/254.html BEA Plumtree Foundation search facility allows an unauthenticated guest user to search for user objects BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z7truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/252.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/252.html BEA Plumtree Foundation full version vulnerability BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z6truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/251.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/251.html BEA Plumtree Foundation internal hostname disclosure vulnerability BEA's Dev2DevBEA's Dev2Dev2007-12-01T02:45:13Z5truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/247.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/247.html Malformed headers may cause high disk consumption BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z4truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/246.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/246.html A malicious client can cause threads to hang on the server. BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z3truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/244.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/244.html SSL clients may not find all possible cipher suites resulting in use of the default null cipher (no encryption) BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z2truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/245.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/245.html Server may select a cipher suite that uses a null cipher for SSL communication with SSL clients BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z1truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Zhttps://support.bea.com/application_content/product_portlets/securityadvisories/248.htmlhttps://support.bea.com/application_content/product_portlets/securityadvisories/248.html Multiple Security Vulnerabilities in the Java Runtime Environment BEA's Dev2DevBEA's Dev2Dev2007-08-28T18:45:06Z0truehttps://support.bea.com/application_content/product_portlets/pub/feed/31.html2008-07-11T16:06:07.299Z