信息提供：	安全公告（或线索）提供热线：51cto.editor@gmail.com
漏洞类别：	远程拒绝服务漏洞
攻击类型：	远程攻击
发布日期：	2002-07-04
更新日期：	2002-07-15
受影响系统：	BEA Systems WebLogic Express for Win32 5.1 SP 10 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 11 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 12 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 2 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 3 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 4 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 5 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 6 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 7 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 8 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 BEA Systems WebLogic Express for Win32 5.1 SP 9 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000
安全系统：	无
漏洞报告人：	zillion
漏洞描述：	BUGTRAQ ID: 5159 CVE(CAN) ID: CVE-2002-1030 BEA Systems WebLogic Server是一款企业级别的WEB和无线应用服务程序，BEA WebLogic Express是为WEB和无线应用程序的动态数据进行服务的平台，可使用在多种Linux/Unix操作系统中，也可以使用在Windows操作系统下。 BEA WebLogic Express代码中存在竞争条件漏洞，远程攻击者可以利用这个漏洞进行拒绝服务攻击。如果BEA WebLogic Express中的性能捆绑(performance pack)功能开启的情况下，攻击者可以提交大量的数据连接，可导致由于NTDLL.DLL产生错误而使服务崩溃，停止对正常通信的响应。
测试方法：	无
解决方法：	临时解决方法：如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁： * 使用如下方法关闭性能捆束(performance pack)功能： 1，启动Weblogic Server控制台。 2，在导行树中打开Servers文件夹。 3，在Servers文件夹中选择你的服务器。 4，选择Configuration标签。 5，选择Tuning标签。 6，如果"Native IO Enabled"被选中，请撤消选中。 7，点击Apply。 8，重启动你的服务器。厂商补丁： BEA Systems ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： Bea Systems WebLogic Server for Win32 5.1 SP 9: Bea Systems WebLogic Express for Win32 5.1 SP 9: Bea Systems WebLogic Express for Win32 5.1 SP 8: Bea Systems WebLogic Server for Win32 5.1 SP 8: Bea Systems WebLogic Server for Win32 5.1 SP 7: Bea Systems WebLogic Express for Win32 5.1 SP 7: Bea Systems WebLogic Express for Win32 5.1 SP 6: Bea Systems WebLogic Server for Win32 5.1 SP 6: Bea Systems WebLogic Server for Win32 5.1 SP 5: Bea Systems WebLogic Express for Win32 5.1 SP 5: Bea Systems WebLogic Express for Win32 5.1 SP 4: Bea Systems WebLogic Server for Win32 5.1 SP 4: Bea Systems WebLogic Server for Win32 5.1 SP 3: Bea Systems WebLogic Express for Win32 5.1 SP 3: Bea Systems WebLogic Express for Win32 5.1 SP 2: Bea Systems WebLogic Server for Win32 5.1 SP 2: Bea Systems WebLogic Express for Win32 5.1 SP 12: BEA Systems Patch CR080901_510sp12.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_510sp12.zip Bea Systems WebLogic Server for Win32 5.1 SP 12: BEA Systems Patch CR080901_510sp12.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_510sp12.zip Bea Systems WebLogic Server for Win32 5.1 SP 11: Bea Systems WebLogic Express for Win32 5.1 SP 11: Bea Systems WebLogic Express for Win32 5.1 SP 10: Bea Systems WebLogic Server for Win32 5.1 SP 10: Bea Systems WebLogic Express for Win32 5.1 SP 1: Bea Systems WebLogic Server for Win32 5.1 SP 1: Bea Systems WebLogic Server for Win32 5.1: Bea Systems WebLogic Express for Win32 5.1: Bea Systems WebLogic Server for Win32 6.0 SP 2: BEA Systems Patch CR080901_60sp2rp3.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_60sp2rp3.zip Must have rolling patch 3 installed. Bea Systems WebLogic Express for Win32 6.0 SP 2: BEA Systems Patch CR080901_60sp2rp3.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_60sp2rp3.zip Must have rolling patch 3 installed. Bea Systems WebLogic Express for Win32 6.0 SP 1: Bea Systems WebLogic Server for Win32 6.0 SP 1: Bea Systems WebLogic Server for Win32 6.0: Bea Systems WebLogic Express for Win32 6.0: Bea Systems WebLogic Server for Win32 6.1 SP 3: BEA Systems Patch CR080901_61sp3.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_61sp3.zip Bea Systems WebLogic Express for Win32 6.1 SP 3: BEA Systems Patch CR080901_61sp3.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_61sp3.zip Bea Systems WebLogic Server for Win32 6.1 SP 2: Bea Systems WebLogic Express for Win32 6.1 SP 2: Bea Systems WebLogic Express for Win32 6.1 SP 1: Bea Systems WebLogic Server for Win32 6.1 SP 1: Bea Systems WebLogic Server for Win32 6.1: Bea Systems WebLogic Express for Win32 6.1: Bea Systems WebLogic Express for Win32 7.0: BEA Systems Patch CR080901_70.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_70.zip Bea Systems WebLogic Server for Win32 7.0: BEA Systems Patch CR080901_70.zip ftp://ftpna.bea.com/pub/releases/security/CR080901_70.zip

BEA Systems WebLogic Express竞争条件远程拒绝服务漏洞