Oracle WebLogic Server Node Manager Unspecified Vulnerability

Secunia ID	SA38473
CVE-ID	CVE-2010-0073
Release Date	08 Feb 2010
Criticality	Moderately Critical Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction. This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
Solution Status	Vendor Patch
Software	Oracle WebLogic Server 10.x Oracle WebLogic Server 7.x Oracle WebLogic Server 8.x Oracle WebLogic Server 9.x
Where	From local network "From local network" describes vulnerabilities where the attack vector requires that an attacker is situated on the same network as a vulnerable system (not necessarily a LAN). This category covers vulnerabilities in certain services (e.g. DHCP, RPC, administrative services) that should not be accessible from the Internet, but only from a local network and optionally a restricted set of external systems.
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Oracle WebLogic Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. Further information is currently not available. This may be related to: SA38345 The vulnerability is reported in the following version: * Oracle WebLogic Server 11gR1 releases (10.3.1 and 10.3.2) * Oracle WebLogic Server 10gR3 release (10.3.0) * Oracle WebLogic Server 10.0 through MP2 * Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3 * Oracle WebLogic Server 8.1 through SP6 * Oracle WebLogic Server 7.0 through SP7 NOTE: For WebLogic Server versions 7.0. and 8.1 only an impact on availability has been reported.
Solution	Apply the patches. https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1058764.1
Original Advisory	http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html