I am using WebLogic Server 10.3. While checking for vulnerabilities in the project, I came across CVE-2007-0417, CVE-2003-0640, CVE-2001-0098, CVE-2000-0681, CVE-2007-4618, CVE-2007-4617, CVE-2007-0425, CVE-2007-0418, CVE-2007-0408, CVE-2005-4757 and CVE-2005-4756, all high vulnerabilities present in webserviceclient+ssl.jar. The description of these vulnerabilities says that they should be present in previous versions of WebLogic and should work fine in 10.3.
I am not sure; maybe I have missed something in my understanding, as I am new to this.
Please suggest a way to resolve these security concerns.
Actually, for some old implementation reasons, only the "webserviceclient+ssl.jar" jar is kept in our project's third-party jars. I am not scanning the WebLogic server or its libraries; I am just scanning all the third-party jars, and hence "webserviceclient+ssl.jar" is also scanned. As you said, and as the description of these CVE IDs also says, these are related to WebLogic Server (versions earlier than 10gR3). But strangely, these vulnerabilities are shown for the "webserviceclient+ssl.jar" jar. I am using the OWASP Dependency Check tool for scanning the libraries.
I have attached the report for your reference which says that these issues are present in "webserviceclient+ssl.jar" jar.