It depends on what it's running on.... most of the deployments on NT use BEA weblogic as a web server to serve up the pages to end users....

http://www.pentasafe.com/products/beaweblogic.htm
http://commerce.bea.com/downloads/weblogic_server_security.jsp

also a search on www.security-focus.com of the "vulnerabilities" section for "bea" yields 9 results ranging from n/a to pretty scary
for us a search on packet storm for "weblogic" yields 11 vulnerabilities

http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=%22weblogic%22&counts=12&type=archives

things like "Bea WebLogic Server for Windows NT prior to V5.1.0 (sp7) has a remotely exploitable buffer overflow in the handling of URL's which start with two dots." sound good to me :-)

-mdb

----Original Message Follows----
From: "Dunlap, Terry J (US - Cincinnati)" <tdunlapat_private>
To: "'pen-testat_private'" <pen-testat_private>
Subject: PeopleSoft Vulnerabilities?
Date: Mon, 6 Aug 2001 11:44:12 -0400

Next week I will become part of a security design team at a client site upgrading to PeopleSoft 8.0. My background has been primarily network security/pen-testing. Does anyone know of specific vulnerabilities with the PeopleSoft package that I should be aware of?

Thanks in advance for all your help.

Terry Dunlap, MCSE, MCP, Network+, A+
Secure e-Business Consultant
----------------------------------------
Deloitte & Touche
250 East Fifth Street
Suite 1900
Cincinnati, Ohio 45201
(513) 784-7102

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:32:44 PDT