Denial of Service in BEA WebLogic for Windows 2000 and Windows NT

Reported July 8, 2002, by Peter Gründl.

VERSIONS AFFECTED

  • BEA Systems WebLogic Server 7.0, 6.0, and 5.1 for Windows 2000 and Windows NT

 

DESCRIPTION
A Denial of Service (DoS) condition exists in BEA Systems' WebLogic Server when used with the performance pack, which installs by default. By data or connection flooding, an attacker can crash the Web service with a report of an error in ntdll.dll.

 

VENDOR RESPONSE

The vendor, BEA Systems, has released Security Advisory BEA02-19 to address this issue and recommends that affected users apply the appropriate patch listed in this advisory.

 

CREDIT
Discovered by Peter Gründl.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish