Penetration Testing mailing list archives

Re: PeopleSoft Vulnerabilities?

From: "Mike Brentlinger" <mdbrentlinger () hotmail com>
Date: Tue, 07 Aug 2001 18:54:09 -0400

It depends on what its running on.... most of the deployments on NT use BEAweblogic as a web server to serve up the pages to end users....


http://www.pentasafe.com/products/beaweblogic.htm
http://commerce.bea.com/downloads/weblogic_server_security.jsp

also a search on www.security-focus.com of the "vulerabilities" section
for "bea". yeilds 9 results ranging from n/a to pretty scary for us


a search on packet storm for "weblogic" yeilds 11 vulnerabilties

http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=%22weblogic%22&counts=12&type=archives

things like "Bea WebLogic Server for Windows NT prior to V5.1.0 (sp7) has aremotely exploitable buffer overflow in the handling of URL's

which start with two dots. sound good to me :-)

-mdb

----Original Message Follows----
From: "Dunlap, Terry J (US - Cincinnati)" <tdunlap () deloitte com>
To: "'pen-test () securityfocus com'" <pen-test () securityfocus com>
Subject: PeopleSoft Vulnerabilities?
Date: Mon, 6 Aug 2001 11:44:12 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next week I will become part of a security design team at a client
site upgrading to PeopleSoft 8.0. My background has been primarily
network security/pen-testing. Does anyone know of specific
vulnerabilities with the PeopleSoft package that I should be aware
of?

Thanks in advance for all your help.

Terry Dunlap, MCSE, MCP, Network+, A+
Secure e-Business Consultant
- ----------------------------------------
Deloitte & Touche
250 East Fifth Street
Suite 1900
Cincinnati, Ohio 45201
(513) 784-7102

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO268FAyPQhKwR6xfEQJ5AgCfc+BsFNavWzDyrymg0f/L762c7NQAoJls
s2Nv9iu/HGJbtaseqX4rEN0W
=LhaW
-----END PGP SIGNATURE-----

This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law.  If
you are not the intended recipient, you should delete this message and are
hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

PeopleSoft Vulnerabilities? Dunlap, Terry J (US - Cincinnati) (Aug 07)
- <Possible follow-ups>
- Re: PeopleSoft Vulnerabilities? Mike Brentlinger (Aug 08)