Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: PeopleSoft Vulnerabilities?

Re: PeopleSoft Vulnerabilities?

From: Mike Brentlinger <mdbrentlinger_at_hotmail.com>
Date: Tue, 07 Aug 2001 18:54:09 -0400

It depends on what its running on.... most of the deployments on NT use BEA
weblogic as a web server to serve up the pages to end users....

http://www.pentasafe.com/products/beaweblogic.htm
http://commerce.bea.com/downloads/weblogic_server_security.jsp

also a search on www.security-focus.com of the "vulerabilities" section
for "bea". yeilds 9 results ranging from n/a to pretty scary for us

a search on packet storm for "weblogic" yeilds 11 vulnerabilties

http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=%22weblogic%22&counts=12&type=archives

things like "Bea WebLogic Server for Windows NT prior to V5.1.0 (sp7) has a
remotely exploitable buffer overflow in the handling of URL's
which start with two dots. sound good to me :-)

-mdb

----Original Message Follows----
From: "Dunlap, Terry J (US - Cincinnati)" <tdunlap_at_deloitte.com>
To: "'pen-test_at_securityfocus.com'" <pen-test_at_securityfocus.com>
Subject: PeopleSoft Vulnerabilities?
Date: Mon, 6 Aug 2001 11:44:12 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Next week I will become part of a security design team at a client
site upgrading to PeopleSoft 8.0. My background has been primarily
network security/pen-testing. Does anyone know of specific
vulnerabilities with the PeopleSoft package that I should be aware
of?

Thanks in advance for all your help.

Terry Dunlap, MCSE, MCP, Network+, A+
Secure e-Business Consultant
- ----------------------------------------
Deloitte & Touche
250 East Fifth Street
Suite 1900
Cincinnati, Ohio 45201
(513) 784-7102

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO268FAyPQhKwR6xfEQJ5AgCfc+BsFNavWzDyrymg0f/L762c7NQAoJls
s2Nv9iu/HGJbtaseqX4rEN0W
=LhaW
-----END PGP SIGNATURE-----

This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and is protected by law. If
you are not the intended recipient, you should delete this message and are
hereby notified that any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly prohibited.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 08 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos