I. DESCRIPTION

  A cross-site scripting issue affects the display of error events in the
  'View Error Log' feature of BEA WebLogic Administration console.

II. AFFECTED PRODUCTS

  BEA WebLogic 8.1 SP4 and previous.

III. HOW TO VERIFY

  1. Make a HTTP request containing XSS code to a target Web server

  $ printf \
  "GET /<script>alert(document.cookie)</script>GomoR HTTP/1.0\r\n\r\n" \
  | nc www.example.com 80

  2. Login into the Administration console
  3. Go to the menu 'Network configurations/servers/myserser/'
  4. Click on 'View server log'
  5. Search for the string GomoR and click on the BEA-id event.

  A JavaScript dialog box should appear.

IV. SEVERITY

  I let each customer evaluate that within their own context.

V. DISCLOSURE TIMELINE

  06/08/2005  Vendor alerted
  06/08/2005  First vendor response
  06/10/2005  Vendor confirmed the issue
  06/22/2005  Vendor gave temporary test patch
  08/15/2005  Vendor public advisory
  08/23/2005  GomoR public advisory

VI. REFERENCES

  BEA05-80.01
  http://dev2dev.bea.com/pub/advisory/135

  BEA WebLogic Server and WebLogic Express Multiple Remote Vulnerabilities
  http://www.securityfocus.com/bid/13717

-- 
  ^  ___  ___    FreeBSD Network - http://www.GomoR.org/ <-+
  | / __ |__/          Systems & Security Engineer         |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---    |
  +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+