These are the compliance rules for the Oracle WebLogic Domain compliance standards.
Note:
See My Oracle Support for additional information regarding the future of the deprecated standards.The compliance rules for the All Wls V10 Rules standard follow.
Description: Your Administration Server is hosting applications other than Oracle system applications. Oracle recommends hosting these applications only on the managed servers within your domain. The only applications that should be deployed to your Administration Server are Oracle applications (for example, the Oracle WebLogic Server Administration Console and Oracle agents).
Severity: Warning
Rationale: Administration
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>Will see a StackOverflowError in the logs as a symptom of this problem.
Severity: Critical
Rationale: Server Outage
Description: When the Administration Console is used to stop and restart a remote managed server, the Administration Console hangs until the remote managed server has been fully started.The remote managed servers are started by the Node Manager. If there is no response from a remote managed server at startup, the Administration Console hangs.
Severity: Warning
Rationale: Administration
Description: When the Administration Console is used to stop and restart a remote managed server, the Administration Console hangs until the remote managed server has been fully started.The remote managed servers are started by the Node Manager. If there is no response from a remote managed server at startup, the Administration Console hangs.This problem, described in Oracle Bug 8158504, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The JNDI tree on the Oracle WebLogic Server Administration Console cannot be displayed for a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the DataSource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>This problem, described in 8164017, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Server Outage
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException can occur.
Severity: Critical
Rationale: Server Outage
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException can occur.This problem, described in Oracle Bug 8145565, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Server Outage
Description: For Oracle WebLogic Server 10.0 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.
Severity: Critical
Rationale: Server Outage
Description: For Oracle WebLogic Server 10.0 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.This problem, described in Oracle Bug 8179501, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1
Severity: Minor Warning
Rationale: Server Outage
Description: The following ArrayIndexOutOfBoundsException is thrown by the JspEncoder class when compiling certain JSP files:java.lang.ArrayIndexOutOfBoundsException: 0 at javelin.jsp.JspEncoder$JspxEncoder.guessEncodingFamily(JspEncoder.java:304) at workshop.util.encoding.EncodingManager._detectEncoding(EncodingManager.java:174) at workshop.util.encoding.EncodingManager.findIEncodingForReader(EncodingManager.java:104)
Severity: Warning
Rationale: Performance
Description: In some circumstances, SSL clients that run outside the server environment may not find all possible ciphers with which to construct the list of potential SSL cipher suites resulting in use of the default null cipher (no encryption).This advisory corrects this issue by supplying jars and instructions to ensure all cipher suites are found.
Severity: Critical
Rationale: Server Outage
Description: An attacker could obtain and exploit information that is not encrypted when a null cipher suite is in use. Under certain circumstances, when a client does not offer support for any of the cipher suites available in the server, then the server may select a cipher suite that uses a null cipher; this may result in SSL communication that is not encrypted.This advisory corrects this issue by logging a message when null cipher is in use and also provides administrators the ability to disable the use of null ciphers during SSL communications with SSL clients.
Severity: Critical
Rationale: Server Outage
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: An attacker can spoof certain information in a request header that can lead to possibly getting access to application servlets that rely on this information for authentication.This advisory corrects this issue by ensuring that the header information is properly handled before passing it to the servlet.
Severity: Critical
Rationale: Administration
Description: WebLogic security policies can be configured to restrict the access to a JMS destination. If an application user does not have the "receive" permission to a JMS destination (queue/topic), an attempt to receive messages from that destination by the application should fail with security errors. By exploiting this vulnerability, an unauthorized user may be able to receive messages from a standalone (physical) JMS Topic destination or a member of a secured Distributed Topic member destination.This advisory resolves this issue by checking permissions before allowing a subscriber to use a durable subscription.
Severity: Critical
Rationale: Administration
Description: The distributed queue feature in Oracle WebLogic Server JMS provides higher availability in a clustered environment. If a JMS client sends a message to a distributed queue and encounters a problem with one member of that distributed queue (the member is down, the member exceeds its quota, access denied, etc), internally the JMS subsystem will retry another member of the same distributed destination. In certain configurations, an unauthorized user is able to send messages to a secure distributed queue.This advisory corrects the problem and ensures that the correct user identity is maintained.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Background: Cross-Site Scripting (XSS) vulnerabilities are well documented in the industry. An XSS vulnerability requires three parties:Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: In order to exploit this vulnerability, an attacker must have access to the server's console login page and have a non-administrator user account on that server. A session fixation vulnerability exists which can result in elevation of the attacker's privileges. For more information about Session Fixation attacks, see:http://en.wikipedia.org/wiki/Session_fixationThis advisory corrects this issue by always regenerating an auth cookie on login.
Severity: Critical
Rationale: Administration
Description: In order to avoid brute-force credential attacks, Oracle WebLogic Server has a mechanism that locks the corresponding user account after a certain number of invalid login attempts. By default, the account is locked after 5 invalid login attempts and remains locked for 30 minutes.Even after a user has been locked out, logon requests to certain carefully constructed URLs can still give hints as to whether the password is correct or not. This allows a sophisticated attacker to successfully run a brute-force password attack, a dictionary attack, or other similar attacks.The patch associated with this advisory corrects the problem. All sites that use servlets are vulnerable to this problem.
Severity: Critical
Rationale: Administration
Description: An attacker can use a carefully constructed URL to cause BEA's proxy plugin to crash the Sun, IIS or Apache web server process. On re-start, this may cause in-flight requests to be lost. This can cause a temporary denial of service. This attack can be exploited remotely, and the attacker does not need any authentication.This advisory resolves the issue in the plugin by correctly handling URLs.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Caution About Existing Samples:Our samples are intended to provide a simple tutorial regarding a few specific features. They are not comprehensive guides to best practices. Many of them omit the use of the Utils.encodeXSS() method or other XSS preventative techniques in needed places and are hence vulnerable to XSS attacks.
Severity: Critical
Rationale: Administration
Description: While evaluating each EL Expression in JSP, blocked threads occur in a static synchronized method, JspFactory.getDefaultFactory(), resulting in performance degradation.A sample thread dump below shows a blocked thread occurring in the getDefaultFactory() method."[ACTIVE] ExecuteThread: '116' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=6 tid=0x5ff3e870 nid=0xa90 waiting for monitor entry [0x67c8d000..0x67c8fd1c] at javax.servlet.jsp.JspFactory.getDefaultFactory(JspFactory.java:87) - waiting to lock <0x0645ab30> (a java.lang.Class) at weblogic.servlet.jsp.ELHelper.getExpressionFactory(ELHelper.java:114) ...
Severity: Minor Warning
Rationale: Development
Description: While evaluating each EL Expression in JSP, blocked threads occur in a static synchronized method, JspFactory.getDefaultFactory(), resulting in performance degradation.A sample thread dump below shows a blocked thread occurring in the getDefaultFactory() method."[ACTIVE] ExecuteThread: '116' for queue: 'weblogic.kernel.Default (self-tuning)'" daemon prio=6 tid=0x5ff3e870 nid=0xa90 waiting for monitor entry [0x67c8d000..0x67c8fd1c] at javax.servlet.jsp.JspFactory.getDefaultFactory(JspFactory.java:87) - waiting to lock <0x0645ab30> (a java.lang.Class)...This problem, described in Oracle Bug 8174471, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: The following Java class should produce TRUE for Integer values within the range(-128...+127). However, with Oracle JRockit releases R27.2.X and R27.3.X, this may return FALSE.public class Test { public static void main(String[] args) { Integer i1 = 4, i2 = 4; System.out.println(i1 == i2); }}
Severity: Minor Warning
Rationale: Development
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the WebLogic console or server log.
Severity: Critical
Rationale: Administration
Description: Information disclosure vulnerability in WebLogic Server plug-ins for Apache, Sun, and IIS Web servers.
Severity: Critical
Rationale: Administration
Description: Information disclosure in JSP pages.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerabilities in the UDDI Explorer.
Severity: Critical
Rationale: Administration
Description: Denial-of-Service vulnerability in WebLogic Server.
Severity: Critical
Rationale: Server Outage
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Recently, an exploit has been made public which may impact the availability, confidentiality, or integrity of WebLogic Server applications that use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication (that is, it may be exploited over a network without the need for a username and password).
Severity: Critical
Rationale: Server Outage
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1SP3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1SP3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS, respectively. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in Oracle WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Server may allow access to source code of web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Bad Certificate Error is thrown during NodeManager startup.Workaround or Apply patch: 1. Use JDK 1.6.0_12 or lower. 2. Copy cacerts from WL_HOME/server/lib directory to JDK_HOME/jre/lib/security/ Installers, updates, patches and more information are available at support.oracle.com.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Bad Certificate Error is thrown during NodeManager startup.Example from the Admin Server:####<Apr 9, 2009 12:55:33 PM EDT> <Debug> <SecuritySSL> <xxxxx-us><AdminServer> <[ACTIVE] ExecuteThread: '2' for queue:'weblogic.kernel.Default (self-tuning)'> <<Oracle WebLogic Server Kernel>> <> <> <1239296133359>...Workaround or Apply patch: - - - - - - - - - - - - - 1. Use JDK 1.6.0_12 or lower. 2. Copy cacerts from WL_HOME/server/lib directory to JDK_HOME/jre/lib/security/This problem, described in 8422724, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Bad Certificate Error is thrown during NodeManager startup.Example from the Admin Server:####<Apr 9, 2009 12:55:33 PM EDT> <Debug> <SecuritySSL> <xxxxx-us><AdminServer> <[ACTIVE] ExecuteThread: '2' for queue:'weblogic.kernel.Default (self-tuning)'> <<Oracle WebLogic Server Kernel>> <> <> <1239296133359><BEA-000000> <Failed to load server trusted CAs...Workaround or Apply patch: - - - - - - - - - - - - - 1. Use JDK 1.6.0_12 or lower. 2. Copy cacerts from WL_HOME/server/lib directory to JDK_HOME/jre/lib/security/This problem, described in 8896127, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Web Services that define a Callback interface with a mixed-case package name will fail to compile with JWSC.
Severity: Minor Warning
Rationale: Development
Description: Calls to isConnected on SSLLayeredSocket result in a "socket not connected" indication.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: Calls to isConnected on SSLLayeredSocket result in a "socket not connected" indication.This problem, described in Oracle Bug 8187246, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When trying to deploy an application, Hibernate is throwing an exception "it can't use jboss-archive-browser into a compressed archive". Oracle recommends upgrading the jboss-archive-browsing.jar to solve the problem.
Severity: Minor Warning
Rationale: Development
Description: In the Administration Console, if you change the log level for stdout from "Notify" (default) to "Trace," and then change the log level back to "Notify," the following exception occurs during activation:<AdminServer> <[STANDBY] ExecuteThread: '5' for queue:'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1186585039843><BEA-141190> <The commit phase of the configuration update failed with an exception:java.util.MissingResourceException: Can't locate bundle for class 'weblogic.i18n.logging.LoggingTextLocalizer' at weblogic.i18ntools.L10nLookup.getLocalizer(L10nLookup.java:392) ...As a workaround, you can manually edit the config.xml file.
Severity: Warning
Rationale: User Viewable Errors
Description: In the Administration Console, if you change the log level for stdout from "Notify" (default) to "Trace," and then change the log level back to "Notify" you may see "[STANDBY] ... The commit phase of the configuration update failed with an exception:java.util.MissingResourceException: Can't locate bundle for class 'weblogic.i18n.logging.LoggingTextLocalizer' at weblogic.i18ntools.L10nLookup.getLocalizer(L10nLookup.java:392) ...As a workaround, you can manually edit the config.xml file. This problem, described in Oracle Bug 8167473, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In the Oracle WebLogic Server Administration Console, it is not possible to set the WeblogicPluginEnabled attribute of ClusterMBean.
Severity: Minor Warning
Rationale: Administration
Description: Cannot specify the socket connect timeout while creating a new SSL socket. A specified timeout can provide a faster bailout if the remote server is not available, rather than relying on the default operating system timeout value.
Severity: Warning
Rationale: Administration
Description: Cannot specify the socket connect timeout while creating a new SSL socket. A specified timeout can provide a faster bailout if the remote server is not available, rather than relying on the default operating system timeout value.This problem, described in Oracle Bug 8192393, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When the <use81-style-execute-queues> element is set to true in config.xml, the HTTP URI request is not displayed properly on the Server - Monitoring - Threads page of the Administration Console.When you configure Oracle WebLogic Server to use the 8.1 style execute queues such as:<server> <name>AdminServer</name> <use81-style-execute-queues>true</use81-style-execute-queues> <listen-address/></server>When you monitor the threads in the console, the current request does not show the HTTP URI, but something like:weblogic.work.ExecuteRequestAdapter@124a4bc
Severity: Warning
Rationale: Administration
Description: When the <use81-style-execute-queues> element is set to true in config.xml, the HTTP URI request is not displayed properly on the Server>Monitoring>Threads page of the Administration Console.If Oracle WebLogic Server is configured to use the 8.1-style execute queues such as -<server> <name>AdminServer</name> <use81-style-execute-queues>true</use81-style-execute-queues> <listen-address/></server>- the current request does not show the HTTP URI when monitoring the threads in the console. Instead, a string such as the following is seen:weblogic.work.ExecuteRequestAdapter@124a4bcThis problem, described in Oracle Bug 8160163, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: While invoking a Web Services Application based on Apache AXIS version 1.3, the following exception is logged:[[ACTIVE] ExecuteThread: '0' for queue:'weblogic.kernel.Default (self-tuning)'] DEBUG [TXID:]org.apache.axis.utils.XMLUtils - Failed to set EntityResolver on DocumentBuilderjava.lang.NullPointerException at weblogic.xml.jaxp.ChainingEntityResolver.popEntityResolver(ChainingEntityResolver.java:61) at weblogic.xml.jaxp.RegistryDocumentBuilder.setEntityResolver(RegistryDocumentBuilder.java:169) ...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.5.0_08. This issue only affects sites using three-letter abbreviations of DST times zones denotations, which have been deprecated, and any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.The bug will only have an impact if and only if the application is using the deprecated denotation of three-letter abbreviations for US timezones (for example, EST, MST, or HST).
Severity: Warning
Rationale: Not Complying with Specifications
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.4.2_12. This issue affects sites using the three letter abbreviations for the deprecated DST timezone denotations, when using any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string. For example, the zoneStrings[][] array defines "EST" before "America/New_York" and so sets the timezone for the parser to the EST zone, which is now unaware of DST.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When using UTF-8 encoding and retrieving the data through a JSP from the database in production, you may get incorrect values or characters.Resolution:1.Use -Dfile.encoding options in JVM arguments.2.Use pageEncoding in JSP page directive:<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>3.Use charset in HTML Meta tag:<meta http-equiv="content-type" content="text/html; charset=UTF-8" />4.jsp-config directive in the deployment descriptor:<jsp-config><jsp-property-group><url-pattern>*.jsp</url-pattern><page-encoding>UTF-8</page-encoding></jsp-property-group></jsp-config>
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The servlet container appends charset=ISO-8859-1 to the HTTP Header contentType in the response for non-JSP pages with any charset contents. This results in improper display of multibyte characters.
Severity: Warning
Rationale: User Viewable Errors
Description: The servlet container appends charset=ISO-8859-1 to the HTTP Header contentType in the response for non-JSP pages with any charset contents. This results in improper display of multibyte characters.This problem, described in Oracle Bug 8122750, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When you create a custom object and bind the object to the JNDI tree of a managed server of a two node cluster, the server log in the managed server will contain a ClassCastException.
Severity: Warning
Rationale: Performance
Description: When you create a custom object and bind the object to the JNDI tree of a managed server of a two node cluster, you encounter the following issue.After the custom object is bound, the server log in the managed server shows a ClassCastException.This problem, described in Oracle Bug 8141074, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Performance
Description: A cluster has the Oracle WebLogic Plugin enabled, but the FrontEndHost server setting has not been specified. Oracle WebLogic Server uses this setting to specify the host for HTTP responses. If no FrontEndHost server has been specified, Oracle WebLogic Server uses the hostname of the server that processed the request.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: Compaction of objects is the process of moving objects closer to each other in the heap, thus reducing the fragmentation and making object allocation easier for the JVM. Oracle JRockit compacts a part of the heap at each garbage collection (or old collection, if the garbage collector is generational).It has been observed in Oracle JRockit releases R27.3.1 and R27.4.0 that the compaction is being aborted when it should not be aborted due to the counter not being set to 0 between Garbage Collections.In some cases, the counter will continue to increase until it grows too large, leading to an aborted compaction. Since it is not set to 0, all the following Garbage Collections will be aborted as well.
Severity: Warning
Rationale: Performance
Description: A connection pool has been set up to perform all of the following tests:* TestOnCreate* TestOnReserve* TestOnReleaseAs a result of enabling all three of these settings, the connection will be tested when it is retrieved from the pool and then again when it is put back into the pool. This can lead to performance issues in JDBC access code.
Severity: Minor Warning
Rationale: Performance
Description: When Production Mode is enabled or disabled with the command line option "-Dweblogic.ProductionModeEnabled=[true
Severity: false]" but the setting does not agree with the config.xml "ProductionMode" setting, the Adminstration Console may show incorrect values for some configuration options. This can occur for any configuration options for which the default values for production mode differ from the default values for development mode.Note: Command line overrides are not persisted in config.xml. The Administration Console shows the configuration attribute values and defaults that correspond to the persisted version in the config.xml file.
Rationale: Warning
Description: When a Message Driven Bean (MDB) is deployed on a multiserver domain and is listening on a distributed queue, and the MDB is configured to connect to all of the distributed queue members. However, if a remote distributed queue member server is restarted, the deployed MDB server does not reconnect with the remote distributed queue member server.
Severity: Warning
Rationale: Subsystem Outage
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: The shutdown of a pool also kills its asynchronous connection testing process. When the pool is restarted, the asynchronous testing job does not restart, and the DataSource cannot detect database failures by test frequency until Oracle WebLogic Server is rebooted. This issue no longer occurs, as asynchronous testing is always restarted when the pool is restarted.This problem, described in Oracle Bug 8195854, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Administration
Description: The shutdown of a pool also kills its asynchronous connection testing process. When the pool is restarted, the asynchronous testing job does not restart, and the DataSource cannot detect database failures by test frequency until Oracle WebLogic Server is rebooted. This issue no longer happens, as asynchronous testing is always restarted when the pool is restarted.
Severity: Minor Warning
Rationale: Administration
Description: Starting up a large cluster can be very slow, because establishing the JMX connection can be a fairly heavy operation.
Severity: Warning
Rationale: Administration
Description: Starting up a large cluster can be very slow, because establishing the JMX connection can be a fairly heavy operation.This problem, described in Oracle Bug 8138357, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Administration
Description: A deadlock occurs in FEConnection and FEConnectionRuntimeDelegate class when sending a message to JMS Server using a thin client.The following is the thread stack from the deadlock:"[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default(self-tuning)'": at weblogic.management.runtime.RuntimeMBeanDelegate.unregisterChildren(RuntimeMBeanDelegate.java:336) - waiting to lock <0x03ae0028> (a weblogic.jms.frontend.FEConnectionRuntimeDelegate) ...
Severity: Warning
Rationale: Administration
Description: When using Oracle WebLogic Server 10.0 and JMS operations, a deadlock occurs when trying to reconnect with an Oracle WebLogic Server 8.1 SP5 server that has gone down.Found one Java-level deadlock:'weblogic.timers.TimerThread': waiting to lock monitor 0x00000001012cdbe0 (object 0xffffffff23111248, a java.lang.Object), which is held by '[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'''[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'': waiting to lock monitor 0x00000001002d26f8 (object 0xffffffff13ca1368, a weblogic.timers.internal.TimerThread), which is held by 'weblogic.timers.TimerThread'
Severity: Critical
Rationale: Subsystem Outage
Description: When using Oracle WebLogic Server 10.0 and JMS operations, a deadlock occurs when trying to reconnect with an Oracle WebLogic Server 8.1 SP5 server that has gone down. For example:Found one Java-level deadlock:'weblogic.timers.TimerThread': waiting to lock monitor 0x00000001012cdbe0 (object 0xffffffff23111248, a java.lang.Object), which is held by '[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'''[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'': waiting to lock monitor 0x00000001002d26f8 (object 0xffffffff13ca1368, a weblogic.timers.internal.TimerThread), which is held by 'weblogic.timers.TimerThread'This problem, described in Oracle Bug 8135972, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Minor Warning
Rationale: Server Outage
Description: A delay can occur when a transaction commits using UserTransaction with JMS when the system is under load. When this happens, Oracle WebLogic Server may throw a java.rmi.server.ServerNotActiveException at getClientEndPoint() in the ServerHelper class. This can cause a stop startCommit() process in the SubCoordinatorImpl class, and the commit is delayed until after the JTA timeout value.
Severity: Warning
Rationale: Performance
Description: If a .jsp (for instance, a framework skeleton .jsp) is copied into the workspace, modified, then deleted, the .jsp does not revert to the library version of the .jsp, and the modifications are not removed.For example, if you:1) Copy a library module version of a .jsp to the workspace.2) Modify the .jsp.3) Publish and view a desktop using that .jsp.4) Delete the .jsp.5) Republish and view the desktop again. Changes made to copy are still visible.6) Run Project -> clean.7) Republish and view the desktop again. The changes made to the copy are still visible.
Severity: Minor Warning
Rationale: Administration
Description: When JDBC profiling is enabled, it periodically dumps profiling information into the diagnostic store. Enabling it for an extended time can cause the diagnostic store to grow.
Severity: Warning
Rationale: Performance
Description: In Oracle WebLogic Server 8.1 Maintenance Pack 5, it was possible to disable the writing of system properties to the Oracle WebLogic Server log file by using the -Dweblogic.management.noLogSystemProperties=true parameter.However, after upgrading to Oracle WebLogic Server 9.x, this setting no longer has any effect.
Severity: Minor Warning
Rationale: Performance
Description: An incorrect dynamic Web Service Definition Language (WSDL) location address is generated when a Web service is deployed on a cluster with multiple front-end hosts and ports. A new property, weblogic.wsee.useRequestHost, has been introduced in Oracle WebLogic Server 9.2.1 that allows generation of the WSDL location address either from the host header or by following the topology design.
Severity: Minor Warning
Rationale: Administration
Description: When trying to inject an EJB resource into an interceptor using annotation, you may receive a runtime error:@EJB private LocalEjb localEjb;The exception received is the following:Runtime exception : javax.ejb.EJBException: nested exception is:java.lang.InstantiationException: [EJB:011128]Error creating an instance of the EJB 'TestFacadeImpl':com.bea.core.repackaged.springframework.beans.factory.BeanCreationException:Error creating bean with name'com.company.vdds.server.facade.TestInterceptor_42to9f_Impl': Initialization of bean failed; nested exception is java.lang.UnsupportedOperationException:Cannot inject value of class 'class $Proxy258' into privatecom.company.vdds.server.facade.LocalEjbcom.company.vdds.server.facade.TestInterceptor.localEjb
Severity: Minor Warning
Rationale: Development
Description: When trying to inject an EJB resource into an interceptor using annotation, you may receive a runtime error:@EJB private LocalEjb localEjb;The exception received is the following:Runtime exception : javax.ejb.EJBException: nested exception is:java.lang.InstantiationException: [EJB:011128]Error creating an instance of the EJB 'TestFacadeImpl':com.bea.core.repackaged.springframework.beans.factory.BeanCreationException:Error creating bean with name...This problem, described in Oracle Bug 8116768, has been fixed in Oracle WebLogic Server 10.3
Severity: Minor Warning
Rationale: Development
Description: ejbHomeQuery causes NullPointerException in the EJB container.
Severity: Minor Warning
Rationale: Administration
Description: ejbHomeQuery causes NullPointerException in the EJB container.This problem, described in Oracle Bug 8115318, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: As of June 30, 2005, Microsoft has announced the end of mainstream support for the following platforms:* Windows 2000 Server* Advanced Server* Datacenter ServerOracle will continue supporting Oracle applications (for example Oracle JRockit on these platforms) at least through December 2006. A final notice of the end of support for Oracle JRockit on Windows 2000 will appear at least 12 months before the actual end of support.Note: Support for any Windows-specific issues must addressed by Microsoft via their extended support services.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle stopped supporting Red Hat Linux 2.1 on April 30, 2006.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Enhancement to add deployment descriptor to turn off passivation/activation during replication of Stateful Session Bean (SFSB) in cluster.A new flag <passivate-during-replication> is added to weblogic-ejb-jar.xml. This flag is part of <stateful-session-descriptor> as below:<!ELEMENT stateful-session-clustering ( home-is-clusterable?, home-load-algorithm?, home-call-router-class-name?, use-serverside-stubs?, replication-type?, passivate-during-replication?)>Set the flag to 'false' to avoid passivation/activation during SFSB replication. The default value for the flag is 'true'.
Severity: Minor Warning
Rationale: Administration
Description: When a new Entity bean has been created with a primary key ID of sequence generator int type, attempts to persist this bean as part of a global transaction will fail with a javax.ejb.EJBException if a nontransactional datasource is used.No issues will be encountered if the annotation is removed from the Primary Key value, or if the uid-string generator is used and the field type changed to String.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The issue exists in the following situation:Two domains.On domain1, business services implemented as Stateless EJBs are deployed.On domain2, other business services using those of domain1 are implemented.Business services on domain2 put Remote Home EJB object from domain1 into cache, so that domain2 does not have to lookup home objects needlessly.Unfortunately, when redeploying business services on domain1, services on domain2 do not work on the first call. They do work on the second call.
Severity: Warning
Rationale: Performance
Description: The issue exists in the following situation:Two domains:On domain1, business services implemented as Stateless EJBs are deployed.On domain2, other business services using those of domain1 are implemented.Business services on domain2 put Remote Home EJB object from domain1 into cache, so that domain2 does not look up home objects needlessly.However, when redeploying business services on domain1, services on domain2 do not work on the first call. They do work on the second call.This problem, described in Oracle Bug 8156181, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Performance
Description: Exceptions occur in the Oracle WebLogic Server 10.0.x Administration Console when viewing persistence units in any application. After this occurs, no persistence units are displayed in the console.The following exception is thrown:<Error> <Console> <BEA-240003> <Console encountered the following error java.lang.NullPointerExceptionAt weblogic.deploy.api.spi.config.DeploymentConfigurationImpl.getRootTag(DeploymentConfigurationImpl.java:1285)at weblogic.deploy.api.spi.config.BasicDConfigBeanRoot.getDConfigBean(BasicDConfigBeanRoot.java:131)
Severity: Minor Warning
Rationale: Administration
Description: Per the EJB specification, any business exception thrown from business methods needs to be handled at the client end. That is, the business exception propagates to the client end without any intervention from the server.However, when implementing a Web service using an EJB, with a business exception thrown from the exposed methods, the business exception thrown is propagated to the client; but an exception stack trace is also getting generated in the server log.This results in unneccessary growth of server logs.NOTE: The following flag suppresses the error message from the logs:-Dweblogic.wsee.component.exception=false
Severity: Minor Warning
Rationale: Administration
Description: Per the EJB specification, any business exception thrown from business methods needs to be handled at the client end (that is, the business exception propagates to the client end without any intervention from the server).However, when implementing a Web service using an EJB, with a business exception thrown from the exposed methods, the business exception thrown is propagated to the client; but, an exception stack trace is also getting generated in the server log.This results in unneccessary growth of server logs.NOTE: The following flag suppresses the error message from the logs:-Dweblogic.wsee.component.exception=falseThis problem, described in Oracle Bug 8182695, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle JRockit R27.1, the class bytes preprocessing facility was changed to allow for recursive preprocessing. This meant that a class preprocessor instance that was currently doing class preprocessing and through this caused a new class to be loaded would be recursively called with the new class bytes. This caused failures in some existing preprocessor implementations that relied on the old behavior of JRockit R27.1. In Oracle JRockit R27.5, this has been reverted. A thread doing class preprocessing will now silently refuse to preprocess any types created by executing the preprocessor itself.For example, in Oracle SOA Manager (ALSM), the error "Nanoagents not loading" occurs when used with Oracle JRockit R27.3.1.
Severity: Warning
Rationale: Subsystem Outage
Description: For Oracle WebLogic Server 10.0 with a Sun JDK version less than 1.5.0_08, if you use the JDK "ktab" command to generate a "keytab" file, the Single Sign On (SSO) fails with an "unsupported algorithm" exception.
Severity: Minor Warning
Rationale: Development
Description: If a configuration contains foreign JNDI links, the Oracle WebLogic Server Administration Console fails to display the JNDI tree. There are no exceptions, and the Console displays a blank page. This makes it impossible to browse the JNDI tree for debugging purposes or to administer the JNDI security policies.This problem, described in Oracle Bug 8096067, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: If a configuration contains foreign JNDI links, the Oracle WebLogic Server Administration Console fails to display the JNDI tree. There are no exceptions, and the Console displays a blank page. This makes it impossible to browse the JNDI tree for debugging purposes or to administrate the JNDI security policies.
Severity: Minor Warning
Rationale: Administration
Description: JMS proxy using local foreign JMS server configuration with credentials given is not able to connect to the remote system.
Severity: Warning
Rationale: Subsystem Outage
Description: When you insert the control manually, you get a 'nullPointerException' when running the servlet.In Oracle Workshop for WebLogic 10.0 there is no direct procedure to call a control from a Java class, but there are the workarounds available. See the Remedy section.
Severity: Minor Warning
Rationale: Development
Description: Oracle WebLogic Server 10 on Linux and using CGIServlet is getting following error:<HTTP> <BEA-101017> <[weblogic.servlet.internal.WebAppServletContext@1026c8d - appName: 'itcon_app', name: 'itcon_app', context-path: ''] Root cause of ServletException.java.lang.UnsatisfiedLinkError: no wlenv in java.library.pathat java.lang.ClassLoader.loadLibrary(Ljava.lang.Class;Ljava.lang.String;Z)V (Unknown Source)at java.lang.Runtime.loadLibrary0(Runtime.java:822)at java.lang.System.loadLibrary(Ljava.lang.String;)V(UnknownSource)at weblogic.servlet.Env.<clinit>(Env.java:16)at weblogic.servlet.CGIServlet.init(CGIServlet.java:72)Truncated. see log file for complete stacktrace
Severity: Minor Warning
Rationale: Administration
Description: Using global multicast addresses between 230.0.0.1 and 239.192.0.0 causes cluster issues. For example, the JMS destination may not replicate to all members of the cluster although the JNDINameReplicated attribute is set to "true."
Severity: Warning
Rationale: Administration
Description: By default, Oracle WebLogic Server does not check for Group circularity for any externally configured LDAP Authenticators (iPlanet, Active Directory, Novell, Open LDAP, etc.).Circular reference:Group A is a member of Group BGroup B is a member of Group AWhen a group circularity exists in the backend LDAP, so many LDAP connections are created (due to the backend LDAP group having itself as a member), that a server crash can result.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When using HTTP HEAD requests against http://<host>:<port>/WebApp/WebService?WSDL (to determine if service is available), it returns HTTP 404 error in Oracle WebLogic Server 10.0.The Web service can be verified as available via telnet GET or by accessing the Web Services Definition Language (WSDL) in a browser.
Severity: Minor Warning
Rationale: Development
Description: When using HTTP HEAD requests against http://<host>:<port>/WebApp/WebService?WSDL (to determine if service is available), it returns HTTP 404 error in Oracle WebLogic Server 10.0.The Web service is verified to be available via telnet GET or by accessing the Web Service Definition Language (WSDL) in a browser.This problem, described in Oracle Bug 8160606, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: If a servlet calls RequestDispatcher.forward(), the following exception is thrown for HEAD request:javax.servlet.ServletException: Original response not available
Severity: Warning
Rationale: Administration
Description: If a servlet calls RequestDispatcher.forward(), the following exception is thrown for HEAD request:javax.servlet.ServletException: Original response not availableThis problem, described in Oracle Bug 8103455, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: HandlerPipe in JAX-WS 2.0.1 is not thread safe in Oracle WebLogic Server 10.0. A NullPointerException occurs when the JAX-WS handler is used. Below is an example of the exception stack trace:java.lang.NullPointerException at com.sun.xml.ws.handler.HandlerPipe.isHandleFalse(HandlerPipe.java:181) at com.sun.xml.ws.handler.HandlerPipe.process(HandlerPipe.java:109) at com.sun.xml.ws.handler.HandlerPipe.process(HandlerPipe.java:107) at weblogic.wsee.jaxws.MonitoringPipe.process(MonitoringPipe.java:98)
Severity: Warning
Rationale: Administration
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: When using HttpProxyServlet in Oracle WebLogic Server as the Reversed Proxy Server (RPS), the socket is to be closed when the browser is closed or navigated to some other site. However, the connection is found to be kept alive, and it keeps reading from the socket. And it will take a long time to respond to a new request. Finally, it results in the server hanging.thread dumps:"ExecuteThread: '48' for queue: 'weblogic.kernel.Default'" daemon prio=5 tid=0x24d488c0 nid=0xa80 runnable [26cef000..26cefdb0] at java.net.SocketInputStream.socketRead0(Native Method)...Oracle Bug 8118037 has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The request.getRemoteUser() call returns null.Workaround: Use request.getHeader('REMOTE_USER') to get the remote user.
Severity: Minor Warning
Rationale: Development
Description: The request.getRemoteUser() call returns null.Workaround: Use request.getHeader('REMOTE_USER') to get the remote user.This problem, described in Oracle Bug 8147527, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: IBM JDK 64 bit is not supported for all versions of Oracle WebLogic Server. Oracle will provide support to the best of its ability. You may be advised to revert to a supported JVM configuration if you encounter an Oracle issue that appears to be JVM-related.
Severity: Warning
Rationale: Administration
Description: Dual stack is NOT supported. As a result, when dual stack is configured and an Oracle WebLogic Server domain is started on the machine, Oracle WebLogic Server seems to be listening only to IPv4 address and not to the IPv6 address.Now Oracle WebLogic Server supports IPv6 address.
Severity: Warning
Rationale: Administration
Description: Dual stack is not supported. As a result, when dual stack is configured and an Oracle WebLogic Server domain is started on the machine, Oracle WebLogic Server seems to be listening only to IPv4 address and not to the IPv6 address.Now Oracle WebLogic Server supports IPv6 address.This problem, described in Oracle Bug 8153228, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: If you use the Administration Console to enable/disable the SSL option for a server, and the server is accessed through a proxy server, when the changes are activated, the accessed URL is hard-coded and redirects to port 7001.If you access the Administration Console through a proxy server, the connection to the Administration Server will be lost. This is because the URL is redirected to port 7001, which does not access the Console from the client side.
Severity: Minor Warning
Rationale: Administration
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: Under the following conditions, you may observe the following message written to the server logs continuously every few seconds. This happens when a certain sequence is used when starting the Oracle WebLogic Server Administration Server and Managed Servers.This can occur under the following conditions:1. The Administration Server listen-address is set to something other than "localhost."2. TunnelingEnabled is set to "false" (default setting).Example error message:HTTPClntLogin: Login rejected with code: 'Failed', reason: java.net.ProtocolException: HTTP tunneling is disabled at weblogic.rjvm.http.HTTPServerJVMConnection.acceptJVMConnection(HTTPServerJVMConnection.java:88) ...
Severity: Minor Warning
Rationale: Administration
Description: In rare cases, external compaction can cause very long pause times when attempting to move a large object from the highest heap parts, if the heap is fragmented.
Severity: Warning
Rationale: Performance
Description: When invoking a Web service using JAX-WS stack at runtime, the following exception is thrown by the client:javax.xml.ws.WebServiceException:{http://host.domain/schemas/envelope/v3_0}GetProfileService is not a valid service. Valid services are: at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:210) at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:165) at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:49) at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:18) at javax.xml.ws.Service.<init>(Service.java:57)The reason for this is that JAX-WS stack failed to read relative paths in XSDs while parsing WSDLs packaged as JARs.
Severity: Warning
Rationale: Development
Description: When invoking a Web service using JAX-WS stack at runtime, the following exception is thrown by the client:javax.xml.ws.WebServiceException:{http://host.domain/schemas/envelope/v3_0}GetProfileService is not a valid service. Valid services are: at com.sun.xml.ws.client.WSServiceDelegate.parseWSDL(WSServiceDelegate.java:210)The reason for this error is that JAX-WS stack failed to read relative paths in XSDs while parsing WSDLs packaged as JARs. This problem, described in Oracle Bug 8194951, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: When the Web Services Definition Language (WSDL) elements are qualified without default namespace, the JAXB-compiler-generated client class is throwing a NullPointerException, with client exception as below:Exception in thread 'Main Thread' java.lang.NullPointerException at com.sun.xml.ws.model.wsdl.WSDLBoundPortTypeImpl.freeze(WSDLBoundPortTypeImpl.java:203) at com.sun.xml.ws.model.wsdl.WSDLModelImpl.freeze(WSDLModelImpl.java:221) ...Note: The same thing is working fine when all elements with namespace (default explicitly) are qualified.
Severity: Warning
Rationale: Development
Description: When Web Services Definition Language (WSDL) elements are qualified without default namespace, the JAXB-compiler-generated client class throws a NullPointerException, beginning with the lines below:Exception in thread 'Main Thread' java.lang.NullPointerException at com.sun.xml.ws.model.wsdl.WSDLBoundPortTypeImpl.freeze(WSDLBoundPortTypeImpl.java:203) ...Note: This error does not occur when all elements with namespaces (default explicitly) are qualified.This problem, described in Oracle Bug 8192605, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: When an application attempts to retrieve a connection from the JDBC pool, and the connections appear to be hanging, the system checks if the maximum "Seconds to Trust an Idle Pool Connection" has been exceeded. The return value for the test method should indicate whether a real test was done, and whether it passed. However, the test method return values are inconsistent. In addition, the code responsible for tabulating test durations does not distinguish between actual tests and non-tests, so the non-tests biased the average "test time" as faster than a real test. This can cause some actual tests to appear to hang.
Severity: Minor Warning
Rationale: Administration
Description: When an application attempts to retrieve a connection from the JDBC pool, the implementation checks if the maximum "Seconds to Trust an Idle Pool Connection" has been exceeded, and the connections appear to be hanging. The return value for the test method is supposed to indicate whether a real test was done or not, and whether it passed or not. However, the test method return values are inconsistent. Furthermore, the code responsible for tabulating test durations does not distinguish between actual tests and non-tests, so the non-tests biased the average "test time" as faster than a real test. This can cause actual tests to appear to hang.This problem, described in Oracle Bug 8174835, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The JMS SAF Client does not fail over to other cluster members when the primary member goes down. The following exception occurs on closing and creating a new SAF client context, as the messages are redirected to the other members:<Jun 19, 2008 7:23:26 PM PDT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed java.lang.IllegalArgumentException: TimerManager is in STOPPED state.java.lang.IllegalArgumentException: TimerManager is in STOPPED state at weblogic.timers.internal.TimerManagerImpl.schedule(TimerManagerImpl.java:392) ...>
Severity: Minor Warning
Rationale: User Viewable Errors
Description: JMS client occasionally hangs on a belated connection close if the auto-reconnect logic has already been activated for the connection.
Severity: Warning
Rationale: Subsystem Outage
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: The JMS wrapper is overriding the given foreign JNDI properties for creating Initial Context.This leads to the following warning message:<Warning> <JMSPool> <BEA-169808> <There was an error while making the initial connection to the JMS resource named 'xxx' from the EJB 'yyy' inside application 'zzz.' The server will attempt the connection again later. The error was javax.jms.JMSSecurityException: invalid name or password>
Severity: Warning
Rationale: Administration
Description: The JMS wrapper is overriding the given foreign JNDI properties for creating Initial Context.This leads to the following warning message:<Warning> <JMSPool> <BEA-169808> <There was an error while making the initial connection to the JMS resource named xxx from the EJB yyy inside application zzz. The server will attempt the connection again later. The error was javax.jms.JMSSecurityException: invalid name or password>This problem, described in Oracle Bug 8191156, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: JMS wrappers not handled properly when using JMS 1.1 API.Using wrappers means configuring a Foreign Connection Factory and a Foreign Destination that correspond to remote JMS objects (either non-Oracle or Oracle WebLogic Server JMS) as entries in your local JNDI tree.For foreign and remote destinations, the simplest configuration strategy is to use Oracle WebLogic Server JMS wrappers. Wrappers allow you to create a "symbolic link" between a JMS object in a third-party JNDI provider or in a different Oracle WebLogic Server cluster or domain, and an object in the local Oracle WebLogic Server JNDI tree.
Severity: Minor Warning
Rationale: Administration
Description: JMS wrappers not handled properly when using JMS 1.1 API.Using wrappers means configuring a Foreign Connection Factory and a Foreign Destination that correspond to remote JMS objects (either non-Oracle or Oracle WebLogic Server JMS) as entries in your local JNDI tree.For foreign and remote destinations, the simplest configuration strategy is to use Oracle WebLogic Server JMS wrappers. Wrappers allow you to create a "symbolic link" between a JMS object in a third-party JNDI provider or in a different Oracle WebLogic Server cluster or domain, and an object in the local Oracle WebLogic Server JNDI tree.This problem, described in Oracle Bug 8190861, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When sending a message to a distributed topic in Oracle WebLogic Server 10.0 after restricting JMS access to a specific user, a JMSSecurityException will occur. You may see "weblogic.jms.common.JMSSecurityException: Access denied to resource??????" at weblogic.jms.common.JMSSecurityHelper.checkPermission(JMSSecurityHelper.java:157)...
Severity: Minor Warning
Rationale: Administration
Description: Sending a message to a distributed topic in Oracle WebLogic Server 10.0, after restricting JMS access to a specific user, generates a JMSSecurityException. The message is not forwarded to the secondary server due to the following exception:weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=DESystemModule, destinationType=topic,resource=DistributedTopic-0, action=send at weblogic.jms.common.JMSSecurityHelper.checkPermission(JMSSecurityHelper.java:157) ...This problem, described in Oracle Bug 8149019, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: A crash can occur in Oracle JRockit 1.4.2_0 when calling remote web services, causing a NullPointerException in the native code.The following is an example thread stack trace: - - - - - - - - - -Error code: 52Error Message: Null pointer exception in native codeSignal info : si_signo=11, si_code=2 - - - - - - - - - -Thread Stack Trace: at org/apache/axis/message/MessageElement.addTextNode(MessageElement.java:1388)@0xa77c3ae0 at org/apache/axis/message/SOAPHandler.addTextNode(SOAPHandler.java:148)@0xa77ea0d6 at org/apache/axis/message/SOAPHandler.endElement(SOAPHandler.java:112)@0xa77ea8ed at org/apache/axis/encoding/DeserializationContext.endElement(DeserializationContext.java:1087)@0xa77ea468
Severity: Warning
Rationale: Administration
Description: Application Java Byte code produces wrong date when it is compiled with Oracle JRockit 1.5.0_08 R27.1.0For example when using java.util.Calendar:calendar.set(Calendar.MONTH, (calendar.get(Calendar.MONTH) - 1));and when we print Calendar.getTime() the wrong value for month is returned.System.out.println("DATE: " + calendar.getTime());
Severity: Warning
Rationale: Development
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageExceptionThis problem, described in Oracle Bug 8116840, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageException
Severity: Warning
Rationale: Administration
Description: The Heap Snapshot table on the Heap Overview tab appears to be configurable, but is not.
Severity: Minor Warning
Rationale: Administration
Description: The Memory Usage data on the General tab and the Optimization data on the Optimization tab of JRockit Mission Control's JRA window cannot be copied to the clipboard using the right click context menu. This works for the other data fields in JRockit Mission Control.
Severity: Minor Warning
Rationale: Administration
Description: When a Java application that has inline calculation in the array access is deployed on a Oracle WebLogic Server with Oracle JRockit R26.4.0-JDK1.5.0_06, a crash can occur.The error message is as follows:Error Message: Illegal memory access. [54]Signal info : si_signo=11, si_code=1
Severity: Warning
Rationale: Administration
Description: A JSP compilation problem occurs if uppercase letters are used in the JSP path. For example, assume you compile two .jsp files, one with uppercase letters in the path (: /TEST/A.jsp) and and the other with lowercase letters (/test/A.jsp). After compilation, the generated jsp_servlet path will be the same for both (?/jsp_servlet/_test/A.jsp).
Severity: Warning
Rationale: Administration
Description: In Oracle WebLogic Server 10.0, an error occurs when deploying EJB 3 beans that have methods containing JSR 201 varargs.
Severity: Warning
Rationale: Administration
Description: In Oracle WebLogic Server 10.0, an error occurs when deploying EJB 3 beans that have methods containing JSR 201 varargs.This problem, described in Oracle Bug 8165732, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Administration
Description: The following error occurs when starting the managed server with 1.4.1_X JVM:"weblogic.utils.AssertionError: ***** ASSERTION FAILED *****[ invalid assignment from 'Object' to 'Object' ] at weblogic.utils.Debug.assertion(Debug.java:57)"The managed server startup failures due to weblogic.utils.AssertionError is because of JVM HotSpot optimizations. This is a JVM issue.
Severity: Minor Warning
Rationale: Administration
Description: A crash can happen while executing Oracle JRockit R27.X parallel garbage collection(-Xgc:parallel )objPoolMarkAllWeak function passes a null object to refResweepWeakHandle, giving a Tread Stack Trace as the following one: at refResweepWeakHandle+117()@0xb7d0f245 at objPoolMarkAllWeak+630()@0xb7ce03a6 ...This can be observed mostly using JVMTI agent.
Severity: Minor Warning
Rationale: Administration
Description: The system returns the following license verification errors when attempting to deploy the Edge Server from a Web Application Archive (WAR) file when running Oracle WebLogic Server 10.0:ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1180720904590> <BEA-101216> <Servlet: "RFIDEdgeServlet" failed to preload on startup in Web application: "rfidedge-3.0.0.war".java.lang.RuntimeException: Unable to start due to license verification error: Exception occurred while reading the license file. at com.connecterra.servlet.RFIDEdgeServlet.init(RFIDEdgeServlet.java:91) at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:282) ...
Severity: Warning
Rationale: Administration
Description: When the application is recompiled as hash code created by the EJB container, it is different from the previous recompilation. Because application recompilation takes a large part of the time required for deployment, this slows down Oracle WebLogic Server deployment time, as compared to that for JBoss.
Severity: Minor Warning
Rationale: Administration
Description: When the application is recompiled as hash code created by the EJB container, it is different from the previous recompilation. Since application recompilation takes a large part of the time required for deployment, this slows down Oracle WebLogic Server deployment time, as compared to that for JBoss.This problem, described in Oracle Bug 8121596, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Using globally scoped Work Manager in Oracle WebLogic Server 10.x and the dispatch-policy element of the WebLogic Enterprise bean in weblogic-ejb-jar.xml, the Message Driven Bean (MDB) fails to connect to the destination throwing:The Message-Driven EJB: WMTestMDB is unable to connect to the JMS destination: queue.cap.TestQueue. The Error was: java.lang.NegativeArraySizeException: allocArray>The error is:1. Seen when Maximum Threads Constraint Count = -1 (default value).2. NOT seen if application scoped work manager used.To avoid this problem, use:1. Application scoped work manager.2. A positive integer for Maximum Threads Constraint Count != -13. A global work manager, delete the Maximum Threads Constraint.
Severity: Minor Warning
Rationale: Administration
Description: When using globally scoped Work Manager in Oracle WebLogic Server 10.x and specifying the work manager using the dispatch-policy element of the weblogic-enterprise-bean in weblogic-ejb-jar.xml, the Message Driven Bean (MDB) fails to connect to the destination and throws the following error message:[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1227880827533> <BEA-010061> <The Message-Driven EJB: WMTestMDB is unable to connect to the JMS destination: queue.cap.TestQueue. The Error was: java.lang.NegativeArraySizeException: allocArray>Oracle Bug 8179644 has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2
Severity: Minor Warning
Rationale: Administration
Description: A Message Driven Bean (MDB) does not connect to a remote distributed queue through local ForeignJMSServer without giving a provider URL in the deployment descriptor. However, it can connect to a remote Oracle WebLogic Server queue (not distributed) without providing a provider URL.This problem, described in Oracle Bug 8141201, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: If the Oracle WebLogic Server Administration Server goes down and the backup Administration Server is restarted at a different URL, managed servers connected to the Administration Server are disconnected.
Severity: Warning
Rationale: Administration
Description: If the Oracle WebLogic Server Administration Server goes down and the backup Administration Server is restarted at a different URL, Managed Servers connected to the Administration Server are disconnected.This problem, described in Oracle Bug 8110232, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: When an Oracle WebLogic Server cluster has been configured on a Solaris 10 box(es), Managed Server instance(s) may periodically drop in and out of the cluster.Even though the server instances automatically rejoin the cluster, there will be lost multicast messages, and response time will be impacted due to the increased cluster housekeeping being required (for example, increased failover of requests or additional session replication needing to be carried out). This will then result in slower performance being seen by the end user/client.This issue is seen only on Solaris 10, regardless of the version of Oracle WebLogic Server being used.
Severity: Warning
Rationale: Performance
Description: A memory leak occurs with distributed garbage collection. On the server side, once all RMI clients are disconnected and the remote object is unbound from the RMI service, the client code java.rmi.server.Unreferenced.unreferenced method is not invoked as expected.
Severity: Minor Warning
Rationale: Administration
Description: Memory leaks can occur in the Javelin Framework, which can lead to an increase in the number of objects when a JSP page is compiled.
Severity: Warning
Rationale: Administration
Description: Memory leaks can occur in the Javelin Framework, which can lead to an increase in the number of objects when a JSP page is compiled.This problem, described in Oracle Bug 8196614, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Message bridge does not forward messages after server restart via console until it (message bridge) is restarted again.This problem, described in Oracle Bug 8131966, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The ejbTimout() method in a superclass is not recognized. In an example scenario, assume there are several MessageDrivenBeans that derive from an abstract superclass that implements javax.ejb.MessageDrivenBean, javax.jms.MessageListener, and javax.ejb.TimedObject. The EJBTimer is also started. With Oracle WebLogic Server 10.0, the server throws the following exception:java.lang.IllegalStateException: [EJB:011084]This EJB class does not support EJB timers and therefore is prohibited from using the TimerService.To use EJB timers, the bean class must implement javax.ejb.TimedObject or have a method annotated with @Timeout. at weblogic.ejb.container.internal.BaseEJBContext$1.invoke(BaseEJBContext.java:429)
Severity: Minor Warning
Rationale: Development
Description: Method ejbTimout() in superclass is not recognized. With Oracle WebLogic Server 10.0, the server throws the following exception:java.lang.IllegalStateException: [EJB:011084]This EJB class does not support EJB timers and therefore is prohibited from using the TimerService.To use EJB timers, the bean class must implement javax.ejb.TimedObject or have a method annotated with @Timeout. at weblogic.ejb.container.internal.BaseEJBContext$1.invoke(BaseEJBContext.java:429) at $Proxy151.createTimer(Unknown Source) ...Oracle Bug 8120098 has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: The multicast address must be between 224.0.0.0 and 239.255.255.255.
Severity: Warning
Rationale: Subsystem Outage
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518) weblogic.work.ExecuteThread.execute(ExecuteThread.java:207) weblogic.work.ExecuteThread.run(ExecuteThread.java:179)The thread is RUNNABLE and holds the lock on a MessageHandle.
Severity: Minor Warning
Rationale: Administration
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518)The thread is RUNNABLE and holds the lock on a MessageHandle.This problem, described in Oracle Bug 8112849, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: A Multithreaded Client receives the following exception when invoking an EJB3 entity bean using a session bean. The concurrent EJB method invocations are being succeeded, and also failing randomly. When the client is running with only one thread, there is no failure.The exception is as follows:javax.ejb.EJBException: nested exception is:javax.persistence.TransactionRequiredException: The method public abstractvoid javax.persistence.EntityManager.persist(java.lang.Object) must be called in the context of a transaction.javax.persistence.TransactionRequiredException: The method public abstractvoid javax.persistence.EntityManager.persist(java.lang.Object) must be calledin the context of a transaction.....
Severity: Warning
Rationale: Subsystem Outage
Description: A Multithreaded Client receives the following exception when invoking an EJB3 entity bean using a session bean. The concurrent EJB method invocations are being succeeded, and also failing randomly. When the client is running with only one thread, there is no failure.The exception is as follows:javax.ejb.EJBException: nested exception is:javax.persistence.TransactionRequiredException: The method public abstractvoid javax.persistence.EntityManager.persist(java.lang.Object) must be called in the context of a transaction.....The problem, described in Oracle Bug 8161389, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When using -Dweblogic.system.iiop.reconnectOnBootstrap=true on an IIOP client, IIOP sockets are created/closed per creating InitialContext. However, weblogic.iiop.MuxableSocketIIOP remains in sockets in SocketMuxer. As a result, an OutOfMemoryError occurs on IIOP client.
Severity: Minor Warning
Rationale: Administration
Description: When using -Dweblogic.system.iiop.reconnectOnBootstrap=true on an IIOP client, IIOP sockets are created/closed per creating InitialContext. However, weblogic.iiop.MuxableSocketIIOP remains in sockets in SocketMuxer. As a result, an OutOfMemoryError occurs on the IIOP client.This problem, described in Oracle Bug 8157696, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: During the server startup the performance pack or native IO should be loaded if NativeIOEnabled switch is turned on. If this does not occur, usually the library path is not set correctly or the user rights for the directory or performance pack library file are not set properly.
Severity: Warning
Rationale: Performance
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: Unable to monitor the MDB Durable Subscriber in the Oracle WebLogic Server Administration Console.
Severity: Minor Warning
Rationale: Development
Description: A NullPointer exception is thrown when trying to access an application that is deployed as a hot deployment.java.lang.NullPointerExceptionat javelin.java.typesystem.ParamType.equalsNonRecursive(ParamType.java:502) at javelin.java.typesystem.Method.paramsEqual(Method.java:318) at javelin.java.typesystem.Method.equals(Method.java:336)
Severity: Minor Warning
Rationale: Development
Description: A NullPointer exception is thrown when trying to access an application that is deployed as a hot deployment.java.lang.NullPointerExceptionat javelin.java.typesystem.ParamType.equalsNonRecursive(ParamType.java:502) at javelin.java.typesystem.Method.paramsEqual(Method.java:318) at javelin.java.typesystem.Method.equals(Method.java:336)This problem, described in Oracle Bug 8106219, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: Running with Oracle JRockit 1.5.0_08(R27.1.0) and getting a NullPointerException in java.nio.DirectByteBuffer._get()Following is the stack trace along with the NPE thrown,java.lang.NullPointerException:java.nio.DirectByteBuffer._get(Unknown Source)java.nio.Bits.getIntL(Unknown Source)java.nio.Bits.getInt(Unknown Source)java.nio.HeapByteBuffer.getInt(Unknown Source)
Severity: Warning
Rationale: Administration
Description: After reloading a servlet, a NullPointerException occurs when calling a Java Web Service.At first, WebServices(WSDL) call works fine; however, after reloading the servlet, it generates a NullPointerException when calling the WebServices again.java.lang.NullPointerException at weblogic.wsee.server.servlet.BaseWSServlet.init(BaseWSServlet.java:72) at javax.servlet.GenericServlet.init(GenericServlet.java:241) ...
Severity: Minor Warning
Rationale: Administration
Description: After reloading a servlet, a NullPointerException occurs when calling a Java Web Service.At first, WebServices(WSDL) call works fine; however, after reloading the servlet, it generates a NullPointerException when calling the Web Services again.java.lang.NullPointerException at weblogic.wsee.server.servlet.BaseWSServlet.init(BaseWSServlet.java:72) at javax.servlet.GenericServlet.init(GenericServlet.java:241) at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:282) ...This problem, described in Oracle Bug 8129336, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException occurs when deploying a Web Service that uses @HandlerChain.weblogic.application.ModuleException: [HTTP:101216]Servlet: 'WSAATestService'failed to preload on startup in Web application: 'wsaa-jaxwshandlertest.war'.java.lang.NullPointerExceptionat weblogic.wsee.monitoring.WseeRuntimeMBeanManager.createJaxWsHandlers(WseeRuntimeMBeanManager.java:108)...
Severity: Minor Warning
Rationale: Development
Description: A NullPointerException occurs when deploying a Web Service that uses @HandlerChain.The following exception occurs:weblogic.application.ModuleException: [HTTP:101216]Servlet: 'WSAATestService'failed to preload on startup in Web application: 'wsaa-jaxwshandlertest.war'.java.lang.NullPointerExceptionat weblogic.wsee.monitoring.WseeRuntimeMBeanManager.createJaxWsHandlers(WseeRuntimeMBeanManager.java:108)...This problem, described in Oracle Bug 8189587, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2
Severity: Minor Warning
Rationale: Development
Description: A NullPointerException is reported by JWSC (Java Web Service compiler) if portName in the implementation class does not match with the portName in Web Service Definition Language (WSDL).Sample error message:java.lang.NullPointerExceptionat weblogic.wsee.tools.anttasks.JwscTask.execute(JwscTask.java:190)at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)at org.apache.tools.ant.Task.perform(Task.java:364)at org.apache.tools.ant.Target.execute(Target.java:341)at org.apache.tools.ant.Target.performTasks(Target.java:369)at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)at org.apache.tools.ant.Project.executeTarget(Project.java:1185)...
Severity: Warning
Rationale: Development
Description: The patch for Oracle Bug 8151745 places a restriction on the size of JSPs, if the class file generated by the JSP compiler generates methods that exceed the 64K.The server log shows that the JSP cannot be loaded because the requested class was not found in the classpath, and the browser cannot display a blank page.This problem has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: Oracle JRockit 5.0 - file.encoding does not work on Linux - instead the default system settings are usedIn java versions prior to 5.1 (or 1.5), the system property -D file.encoding defined an encoding that will be used by FileReader / FileWriter. This is still true for Sun Hotspot 1.5 and also for Oracle JRockit 5.0 on Windows.However, on Linux, setting the system property -Dfile.encoding does not have any effect on FileReader / FileWriter They take their encoding from the system default settings.This problem only happens on Linux - not on Windows.
Severity: Warning
Rationale: Administration
Description: In Oracle JRockit R26 versions earlier than R26.4 on Windows operating systems, Oracle JRockit can expose a problem in the OS related to multimedia timers that causes the system time to be adjusted backwards.This can cause the system time to jump back by about 1 minute. If this happens, you can turn off the use of multimedia timers with -Djrockit.periodictask.usemmtimers=false, otherwise upgrade to R26.4 or later.
Severity: Warning
Rationale: Administration
Description: For JRockit releases R26.4 and R27, if a thread was interrupted for garbage collection while it was in the process of copying an array, then the garbage collection may result in very long pauses.
Severity: Warning
Rationale: Performance
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: Oracle does not support Oracle JRockit running on the ELhugemem kernel.The ELhugemem kernel had been intended as a stopgap measure until 64-bit kernels, which are a better choice, became readily available. An example of problems with the ELhugemem kernel is 5-10 percent performance loss under normal I/O and even greater performance degradation when more calls are made into the kernel (for example, heavy I/O).
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server is running on an AIX platform and is configured with IIOP enabled. Please note that the thin client is not supported for this configuration.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: In Oracle WebLogic Server 10.0, Tuxedo WTC JATMI classes such as "TuxedoConnection and TuxedoConnectionFactory " are not included in weblogic.wtc package. These classes are now available from com.bea.core.jatmi_1.0.0.0.jar (in the modules directory of Oracle WebLogic Server 10 installation).
Severity: Minor Warning
Rationale: Development
Description: When using Oracle WebLogic Integration 9.2 Maintenance Pack 1/Maintenance Pack 2, if input XML contains nested CDATA, parsing of this document results in some missing characters from the original input data.For example, the following line is part of the input XML:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category> ] ] >Parsing results in the following line:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category>] ] >Note the two missing characters at the end of the line (after Category '>' becomes '>').
Severity: Minor Warning
Rationale: Administration
Description: The patch for Oracle Bug 8151745 introduces a regression, in which it places a restriction on the size of JSPs. The class file generated by the JSP compiler generates methods that exceed the allowed size (64 KB).Server log shows the following:[weblogic.servlet.internal.WebAppServletContext@314ec947 - appName: 'application', name: '/eventManager', context-path: '/eventManager']: Servlet class com.on24.eventManager.__eventdescription for servlet /eventDescription.jsp could not be loaded because the requested class was not found in the classpath ... jsp_compile.java.lang.ClassFormatError: ...The browser displays a blank page.
Severity: Warning
Rationale: Administration
Description: Typically, each Oracle patch corresponds to a specific version of Oracle WebLogic Server. Using a patch that is designated for a different version of Oracle WebLogic Server may result in failures or incorrect behavior.
Severity: Warning
Rationale: Administration
Description: Benchmarks show major performance improvements when native performance packs are used on machines that host Oracle WebLogic Server instances. Performance packs use a platform-optimized, native socket multiplexor to improve server performance.
Severity: Minor Warning
Rationale: Administration
Description: A significant performance degradation can occur for Oracle WebLogic Server 10.0 running on AIX.When using a user thread instead of an execute thread, high CPU usage can occur when an exception is thrown. This is due to unnecessary "try and catch" statements in the Oracle WebLogic Server code.Sun JVM in server mode, as well as Oracle JRockit JVM, automatically optimize exception generation when the exception is ignored in a catch. However, IBM JVM for AIX does not optimize exception generation.
Severity: Minor Warning
Rationale: Administration
Description: A significant performance degradation can occur for Oracle WebLogic Server 10.0 running on AIX.When using a user thread instead of an execute thread, high CPU usage can occur when an exception is thrown. This is due to unnecessary "try and catch" statements in the Oracle WebLogic Server code.The Sun JVM in server mode, as well as Oracle JRockit JVM, automatically optimizes exception generation when the exception is ignored in a catch. However, the IBM JVM for AIX does not optimize exception generation.This problem, described in Oracle Bug 8174460, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: If a thread requires a connection from a JDBC pool and no connection is available, the thread must wait until one becomes available. At some point in time, a connection pool in your domain had a number of requests waiting for a connection, which may impact the performance of waiting threads.
Severity: Warning
Rationale: Performance
Description: The use of a prepared statement or callable statement in an application or EJB creates a considerable processing overhead for the communication between the application server and the database server and on the database server itself.To minimize these processing costs, Oracle WebLogic Server can cache the prepared and callable statements that are used in your applications. When an application or EJB calls any of the statements stored in the cache, Oracle WebLogic Server reuses the cached statement. Reusing these statements reduces CPU usage on the database server, which improves the performance of the current statement and leaves the CPU available for other tasks.
Severity: Warning
Rationale: Performance
Description: PermGen space does not appear to be released between deployments. After undeploying an application, the PermGen space appears to be unreleased. This results in an OutOfMemoryError with PermGen space. This problem is more visible with Oracle WebLogic Portal-related application deployments.
Severity: Warning
Rationale: User Viewable Errors
Description: When using the IIS plug-in in Oracle WebLogic Server 10.0, the Chunked Transfer Encoding responses are buffered by the plug-in. However, the plug-in should stream the chunks when they are received.A new flag, WLFlushChunks, is added in the iisproxy.ini. Setting the WLFlushChunks flag to ON resolves the issue. By default, the flag is OFF.
Severity: Warning
Rationale: Administration
Description: When using the IIS plug-in in Oracle WebLogic Server 10.0, the Chunked Transfer Encoding responses are buffered by the plug-in. However, the plug-in should stream the chunks when they are received.A new flag, WLFlushChunks, is added in the iisproxy.ini. Setting the WLFlushChunks flag to ON resolves the issue. By default, the flag is OFF.This problem, described in Oracle Bug 7936746, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: In the log of the server where entity EJBs are deployed, the following exception may be logged:javax.ejb.EJBException: [EJB:010108]The EJB Lock Manager has received an unlock request from EJB:<ejb-class-name> with primary key:<key-field-name>. However, this primary key could not be found in the Lock Manager. This indicates either an EJB container bug, or the equals and hashCode methods for the primary key class:<key-class>.UserPK are implemented incorrectly. Please check the equals and hashCode implementations. [java] at weblogic.ejb.container.locks.ExclusiveLockManager$LockBucket.unlock(ExclusiveLockManager.java:409) [java] at weblogic.ejb.container.locks.ExclusiveLockManager.unlock(ExclusiveLockManager.java:170)...
Severity: Warning
Rationale: Development
Description: In the log of the server where entity beans are deployed, the following exception may be logged:javax.ejb.EJBException: [EJB:010108]The EJB Lock Manager has received an unlock request from EJB:<ejb-class-name> with primary key:<key-field-name>. However, this primary key could not be found in the Lock Manager. This indicates either an EJB container bug, or the equals and hashCode methods for the primary key class:<key-class>.UserPK are implemented incorrectly. Please check the equals and hashCode implementations. [java] at weblogic.ejb.container.locks.ExclusiveLockManager$LockBucket.unlock(ExclusiveLockManager.java:409)This problem, described in Oracle Bug 8083963, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: The domain is running in production mode, but the HostnameVerification property has been disabled. When the HostnameVerification attribute has been disabled, Oracle WebLogic Server no longer ensures that the certificate received from a remote site matches the DNS name when making a remote SSL connection. This leaves the connection vulnerable to a "man in the middle" attack.
Severity: Warning
Rationale: Administration
Description: Reading an environment variable in a WebLogic Scripting Tool script under Windows 2003 does not work. wls:/offline> import os wls:/offline> sys.version '2.1' wls:/offline> os.environ['WL_HOME'] Failed to get environment, environ will be empty: (0, "Failed to execute command (['sh', '-c', 'env']): java.io.IOException: CreateProcess: sh -c env error=2")
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Issue appears if the Web Services Definition Language (WSDL) has a operation name that is identical to the name of an element in the schema it references. For example, WSDL contains the following:<portType name="TestServiceSOAP"> <operation name="getMethod1"> <input message="ts:getMethod1Request"/> <output message="ts:getMethod1Response"/> </operation> <operation name="getMethod2"> <input message="ts:getMethod2Request"/> <output message="ts:getMethod2Response"/> </operation> </portType> And the schema it references contain: <xs:element name="getMethod1" type="ns1:EmptyRequest"/> <xs:element name="getMethod1Response" type="ns1:Holder"/> <xs:element name="getMethod2" type="ns1:EmptyRequest"/> <xs:element name="getMethod2Response"
Severity: Minor Warning
Rationale: Development
Description: The problem is related to sending back an HTTP-304 (not modified) response.When an HTTP response is wrapped with an HttpServletResponseWrapper or a child class, the response from the server does not send a 'Content-Length: 0' header. Instead the server sends 'Transfer-Encoding: chunked'. This response causes slow processing or unexpected behavior with Firefox, but works fine in Internet Explorer.
Severity: Minor Warning
Rationale: Performance
Description: The problem is caused by sending back an HTTP-304 (not modified) response.When an HTTP response is wrapped with an HttpServletResponseWrapper or a child class, the response from the server does not send a 'Content-Length: 0' header. Instead the server sends 'Transfer-Encoding: chunked'. This response causes slow processing or unexpected behavior with Firefox, but works fine in Internet Explorer.This problem, described in Oracle Bug 8087247, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Performance
Description: A ResourceAccessException from a JTA sub-system while delivering a message causes the message to stay in the pending state permanently until a server restart.javax.transaction.SystemException: start() failed on resource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01': XAER_RMERR : A resource manager error has occured in the transaction branch weblogic.transaction.internal.ResourceAccessException: Transaction has timed out when making request to XAResource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01'. at weblogic.transaction.internal.XAResourceDescriptor.startResourceUse(XAResourceDescriptor.java:712)...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: SAF is discarding messages causing message loss.
Severity: Critical
Rationale: Administration
Description: SAF is discarding messages causing message loss.This problem, described in Oracle Bug 8964001, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.
Severity: Minor Warning
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.This problem, described in Oracle Bug 8118031, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When generating SNMP Traps from a SIP Servlet using SipServletSnmpTrapRuntimeMBean in conjunction with CommonJ timers, the traps fail with NullPointerExceptions. Without CommonJ timers, the traps work as expected.
Severity: Warning
Rationale: User Viewable Errors
Description: This is required to support SSL socket connection timeout using out-of-the-box (JRockit) JVM.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: This is required to support SSL socket connection timeout using out-of-the-box (JRockit) JVM.This problem, described in Oracle Bug 8183018, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied..Every ExecuteThread become as following.."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)
Severity: Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied..Every ExecuteThread become as following.."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)This problem, described in 8636905, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: With a configuration of a Foreign JMS Server between two Oracle WebLogic Server domains (Oracle WebLogic Server 10.0) and a Session Bean with wrapper class deployed, when trying to send messages, a java.lang.NullPointerException is thrown.
Severity: Warning
Rationale: Development
Description: A web application is deployed to a cluster, and the session cookie has been modified from the default (JSESSIONID). If the application is being accessed by means of a webserver running the Oracle WebLogic plugin, and the configuration has not been updated, the plugin may route Oracle WebLogic Server requests incorrectly.
Severity: Minor Warning
Rationale: Administration
Description: Sessions are lost after configuring SAML with two domains (Oracle WebLogic Server 10.0) running on one system.It is a SAML requirement to set all Web application cookie names to the default (JSESSIONID). With this setting, the client browser can differentiate cookies originating from different domains only if the IPAddress or hostname of the SAML source and destination domain are not the same.
Severity: Critical
Rationale: User Viewable Errors
Description: Setting shrink frequency seconds to 0 failed to disable connection pool shrinking. Turning shrinking off did not take effect until restart. This has been fixed.
Severity: Minor Warning
Rationale: Administration
Description: Setting shrink frequency seconds to "0" failed to disable connection pool shrinking. Turning shrinking off did not take effect until reboot. This issue has been fixed.This problem, described in Oracle Bug 8173564, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: Some signatures require runtime MBeans to be created for Session Monitoring, in order to collect MBean data. If Session Monitoring is not enabled, data collection may be erratic or incomplete.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: The specification "precompile-continue=true" does not function.If you specify the following: <precompile>true</precompile> <precompile-continue>true</precompile-continue>the application should continue to compile and deploy, even if compilation errors exist in the .jsp files. However, the actual behavior is as if "precompile-continue" was not specified. Errors are reported, and the application is not deployed.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 10.0, using the weblogic.jar in standalone mode to build ANT scripts fails. For instance, if you copy the weblogic.jar file to a separate location and then run the following command, it will fail:java -cp <classpath of weblogic.jar> weblogic.Deployer/ weblogic.version
Severity: Minor Warning
Rationale: Development
Description: When JDK 1.6 is used for Oracle WebLogic Server 10.0, java.rmi.UnmarshalException is thrown. This is because JDK 1.6 is not supported for Oracle WebLogic Server 10.0. Oracle recommends to revert to a supported JDK configuration based on your Operating System, as you might encounter unforeseen issues.
Severity: Minor Warning
Rationale: Administration
Description: Recent changes to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling. The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.For example, the zoneStrings[][] array defines "EST" before "America/New_York" so sets the timezone for the parser to the now non-DST aware "EST" zone.This issue only affects sites using the these three-letter abbreviations of DST times zones denotations, which have been deprecated, and any of the following versions of the Sun JDK:* Sun JDK 1.6* Sun JDK 1.5.0_08 and later* Sun JDK 1.4.2_12 and later
Severity: Warning
Rationale: Not Complying with Specifications
Description: In Oracle WebLogic Server 10.0, Sybase driver 12.5.1 throws exception on getDatabaseMajorVersion method, as follows:javax.ejb.EJBException: EJB Exception: : java.lang.AbstractMethodError:weblogic.jdbc.wrapper.DatabaseMetaData_COM_ibm_db2_jdbc_net_DB2DatabaseMetaData.getDatabaseMajorVersion()This means that the getDatabaseMajorVersion() method is not implemented in the Sybase driver com.sybase.jdbc2.jdbc.SybDriver.
Severity: Minor Warning
Rationale: Administration
Description: Typically, a dollar sign ("$") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. As a result, the property may not have the desired effect.
Severity: Warning
Rationale: Administration
Description: Typically, a percent sign ("%") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. Therefore, the property may not be having the desired effect.
Severity: Warning
Rationale: Administration
Description: When the appc compiler is run on an EJB 3.0 JAR file larger than 40kb, the following exception occurs:weblogic.ejb.container.compliance.ComplianceException: No EJBs found in the ejb-jar file 'server.jar'. Please ensure the ejb-jar contains EJB declarations via an ejb-jar.xml deployment descriptor or at least one class annotated with the @Stateless, @Stateful or @MessageDriven EJB annotation.This problem, described in Oracle Bug 8165618, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Development
Description: When appc is run on an EJB 3.0 JAR file where the size of the class file is more than 40 KB, you get the following exception:weblogic.ejb.container.compliance.ComplianceException: No EJBs found in the ejb-jar file 'server.jar'. Please ensure the ejb-jar contains EJB declarations via an ejb-jar.xml deployment descriptor or at least one class annotated with the @Stateless, @Stateful or @MessageDriven EJB annotation.
Severity: Warning
Rationale: Development
Description: weblogic.appc recompiles most of the JSPs from a Web application library shipped with Oracle WebLogic Server, even though they were properly precompiled in the JAR file within /WEB-INF/lib/.The appc compiler should not recompile any of the JSPs that are precompiled even when the command is executed.
Severity: Minor Warning
Rationale: Administration
Description: weblogic.appc recompiles most of the JSPs from a Web application library shipped with Oracle WebLogic Server, even though they were properly precompiled in the JAR file within WEB-INF/lib/.The appc compiler should not recompile any of the JSPs that are precompiled even when the command is executed.This problem, described in Oracle Bug 8158866, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The getMessagesPendingCount and getBytesPendingCount of the JMSDestinationRuntimeMBean sometimes return negative values. Consequently, the JMS pending message count (MessagesPendingCount) and pending bytes count (BytesPendingCount) attributes in the JMSDestinationRuntimeMBean are intermittently set to a negative value.
Severity: Minor Warning
Rationale: Administration
Description: The getMessagesPendingCount and getBytesPendingCount of the JMSDestinationRuntimeMBean sometimes return negative values. Consequently, the JMS pending message count (MessagesPendingCount) and pending bytes count (BytesPendingCount) attributes in the JMSDestinationRuntimeMBean are intermittently set to a negative value.This problem, described in Oracle Bug 8128500, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.
Severity: Minor Warning
Rationale: Administration
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.This problem, described in Oracle Bug 8093561, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The mayscript attribute of jsp:plugin is not recognized by the JSP compiler, causing the following error:weblogic.servlet.jsp.CompilationException: Failed to compile JSP /A/daemon.jsp daemon.jsp:12:3: This attribute is not recognized. mayscript='true'> ^ - - - -^ at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:298) at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:216) at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:165) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:235).....
Severity: Minor Warning
Rationale: Development
Description: The mayscript attribute of jsp:plugin is not recognized by the JSP compiler, causing the following error:weblogic.servlet.jsp.CompilationException: Failed to compile JSP /A/daemon.jsp daemon.jsp:12:3: This attribute is not recognized. mayscript='true'> ^ - - - -^ at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:298) at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:216) at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:165) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:235).....This problem, described in Oracle Bug 8179188, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: The following stacktrace is obtained when trying to setMonitoredAttributeName for SNMPGaugeMonitor on Solaris platform:Caught java.lang.RuntimeException: Timed out waiting for completionjava.lang.RuntimeException: Timed out waiting for completion at weblogic.management.provider.internal.ActivateTaskImpl.waitForCompletion(ActivateTaskImpl.java:374) at weblogic.management.provider.internal.ActivateTaskImpl.waitForTaskCompletion(ActivateTaskImpl.java:349) ...
Severity: Warning
Rationale: Administration
Description: The "Too Many Open Files" error usually occurs after several concurrent users get a connection to the Server. Java opens many files in order to read in the classes required to run your application. High volume applications can use a lot of file descriptors. This could lead to a lack of new file descriptors. Also, each new socket requires a descriptor. Clients and Servers communicate via TCP sockets. Each browser's HTTP request consumes TCP sockets when a connection is established to a Server. Limiting the number of open sockets allowed prevents your server from running out of file descriptors.
Severity: Warning
Rationale: Performance
Description: A few transactions are delayed when the transactions commit using UserTransaction with JMS during a LoadRunner Test.This is a timing issue related to the endPoint in the request object. When this happens, Oracle WebLogic Server throws a java.rmi.server.ServerNotActiveException in the getClientEndPoint() in the ServerHelper class. This sometimes causes a stoppage of the startCommit() process in SubCoordinatorImpl class. And it commits only after the JTA timeout value. This happens between Oracle WebLogic Server instances on a cluster.
Severity: Warning
Rationale: Performance
Description: MaxHTTPMessageSize, MaxT3MessageSize, and MaxCOMMessageSize are deprecated since Oracle WebLogic Server 8.1. Instead of using these protocol specific parameters, use separate network channels configured with a MaxMessageSize to limit the incoming messages.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 10.0, the Dependency Injection for JSF Managed Bean fails with the following warning:WARNING JSF1033: Resource injection is DISABLEDThis occurs when using @Resource annotation to inject an EJB 3.0 dependency.The same issue also occurs for JDBC resource injection.During deployment the following error may occur: "The DataSource gotten from ManagedBean is null"This means the DataSource is not injected into ManagedBean correctly.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: In Oracle WebLogic Server 10.0, the Dependency Injection for JSF Managed Bean fails with the following warning:WARNING JSF1033: Resource injection is DISABLEDThis occurs when using @Resource annotation to inject EJB 3.0 dependency.Also, the same issue also occurs for JDBC resource injection.During deployment you will get something like: "The DataSource gotten from ManagedBean is null"This means the DataSource is not injected into ManagedBean correctly.This problem, described in Oracle Bug 8112023, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Uncaught Throwable found in processSockets Errors in the server log files, as follows:<Oct 2, 2007 2:13:44 PM MEST> <Error> <Socket> <su80sr716> <b1d_adm_v20_30748_su80sr716_server> <ExecuteThread: '8' for queue: 'weblogic.socket.Muxer'> <<Oracle WebLogic Server Kernel>> <> <> <1191327224287> <BEA-000405> <Uncaught Throwable in processSocketsjava.lang.NullPointerException.java.lang.NullPointerExceptionat weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:156)at weblogic.socket.SSLFilter.dispatch(SSLFilter.java:258)...
Severity: Minor Warning
Rationale: Development
Description: Uncaught Throwable found in processSockets Errors in the server log files, as follows:<Oct 2, 2007 2:13:44 PM MEST> <Error> <Socket> <su80sr716> <b1d_adm_v20_30748_su80sr716_server> <ExecuteThread: '8' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1191327224287> <BEA-000405> <Uncaught Throwable in processSocketsjava.lang.NullPointerException.java.lang.NullPointerExceptionat weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:156)...This problem, described in Oracle Bug 8128732, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Development
Description: If you use a Sybase database with Oracle JRockit R27.1, R27.2, or R27.3, under high load the Sybase JDBC Connection Pool becomes disabled, with the following error:"java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0EM: End of data."
Severity: Warning
Rationale: Subsystem Outage
Description: UnsyncCircularQueue$FullQueueException can occur in WorkManager, as shown in the following excerpt from the Oracle WebLogic Server Administration Server log:<Aug 1, 2008 7:08:59 PM EDT> <Critical> <WorkManager> <BEA-002911> <WorkManager weblogic.kernel.System failed to schedule a request due toweblogic.utils.UnsyncCircularQueue$FullQueueException: Queue exceed maximum capacity of: '65536' elements weblogic.utils.UnsyncCircularQueue$FullQueueException: Queue exceed maximum capacity of: '65536' elements at weblogic.utils.UnsyncCircularQueue.expandQueue(UnsyncCircularQueue.java:106) ...
Severity: Minor Warning
Rationale: Administration
Description: UnsyncCircularQueue$FullQueueException can occur in WorkManager. The managed servers continue to run fine, but the Administration Server becomes unresponsive. Thread dumps showwaiting on condition [0xc2981000..0xc2981888] at weblogic.platform.SunVM.threadDump0(Native Method) - waiting to lock <0xd859c620> (a weblogic.platform.SunVM) ...Other threads waiting on the thread shown above, for example:waiting for monitor entry [0xc2b81000..0xc2b81788] at weblogic.timers.internal.TimerManagerImpl.complete(TimerManagerImpl.java:664) - waiting to lock <0xd9236db0> (a weblogic.timers.internal.TimerThread) ...This problem, described in Oracle Bug 8179406, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Administration
Description: A new user created on a managed server for DefaultAuthenticator (Embedded LDAP) in Oracle WebLogic Portal 10.x via PAT will not be replicated to the Admin Server. The user information is lost after the managed server is restarted.Using master first for embedded LDAP generally would be a workaround. However, this makes the Admin Server a single point of failure for all LDAP requests and can lead to connection problems under load.
Severity: Warning
Rationale: Administration
Description: Creating a new user for DefaultAuthenticator (Embedded LDAP) in Oracle WebLogic Portal 10.x via PAT on a managed server does not replicate this user to the admin server. After managed server restart, the user information is lost.Using master first for embedded LDAP generally would be a workaround. However, this makes the admin server a single point of failure for all LDAP requests and can lead to connection problems under load.This problem, described in Oracle Bug 8187790, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: A system OutofMemory error can occur if you use Oracle WebLogic Server Administration Console to export or import a large JMS queue.
Severity: Critical
Rationale: Server Outage
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: JRockit throws a divide by zero ArithmeticException when opening a file other than a JRA recording or a corrupted JRA recording. This issue has been fixed in JRockit R27.5.0. Here is an example error message:java.lang.ArithmeticException: / by zero at com.jrockit.jra.model.MemoryInfo.getAllocationFrequencySmallObjects(MemoryInfo.java:415) at com.jrockit.mc.jra.ui.general.GeneralContent.getFieldData(GeneralContent.java:129) at com.jrockit.mc.jra.ui.general.MiscSectionPart.createClient(MiscSectionPart.java:39) at com.jrockit.mc.jra.ui.sections.InfoSectionPart.initialize(InfoSectionPart.java:81) ...
Severity: Minor Warning
Rationale: Administration
Description: If you use WLST (Oracle WebLogic Scripting Tool) to create managed servers, the first Managed Server is created and started successfully, but the second fails with a FileNotFoundException.......java.io.IOException: java.io.IOException: java.io.FileNotFoundException:/opt/u01/skurumel/remotedom/servers/domain_bak/config_bak/config.xml (No such file or directory) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:179) at java.io.FileOutputStream.<init>(FileOutputStream.java:131) at weblogic.utils.FileUtils.writeToFile(FileUtils.java:114) ......This problem, described in Oracle Bug 8166242, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: If you use WebLogic Scripting Tool to create Managed Servers, the first Managed Server is created and started successfully, but the second fails with a FileNotFoundException.......java.io.IOException: java.io.IOException: java.io.FileNotFoundException:/opt/u01/skurumel/remotedom/servers/domain_bak/config_bak/config.xml (No such file or directory) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:179) at java.io.FileOutputStream.<init>(FileOutputStream.java:131) at weblogic.utils.FileUtils.writeToFile(FileUtils.java:114) ......
Severity: Warning
Rationale: Development
Description: When using WebLogic Scripting Tool offline for managing DeliveryParamsOverrides parameter for JMS (Java Message Service) Queue, you encounter the following issue:When trying to cd() to existing delivery-params-overrides, the following exception occurs:Error: cd() failed. Do dumpStack() to see details.Problem invoking WLST - Traceback (innermost last): File "c:\support\repro.py", line 4, in ? File "C:\TEMP\WLSTOfflineIni27203.py", line 22, in cdcom.bea.plateng.domain.script.jython.WLSTException:com.bea.plateng.domain.script.ScriptException: No nested elementDeliveryParamsOverride is found...
Severity: Minor Warning
Rationale: Administration
Description: When using WLST (Oracle WebLogic Scripting Tool) offline for managing DeliveryParamsOverrides parameter for JMS (Java Message Service) Queue, you encounter the following issue. When trying to cd() to existing delivery-params-overrides, the following exception occurs:Traceback (innermost last): File "c:\support\repro.py", line 4, in ? File "C:\TEMP\WLSTOfflineIni27203.py", line 22, in cd ...The following command gives the error:cd('/JMSSystemResource/testJMSModule/JmsResource/NO_NAME_0/Queue/myq')This problem, Oracle Bug 8109003, is fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.
Severity: Minor Warning
Rationale: Administration
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.This problem, described in Oracle Bug 8125231, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Classloading inside the JWS Container object on every request results in huge bottleneck, effecting the performance.This problem, described in Oracle Bug 8176389, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Classloading inside the JWS Container object on every request results in huge bottleneck, effecting the performance.
Severity: Warning
Rationale: Administration
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP2 and higher is required for Oracle JRockit 1.4.2_03 through 1.4.2_11
Severity: Warning
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
Description: The users in the Administration Console (Security Realms > myrealm > Users and Groups) are not visible when Oracle JRockit R27.4.0 is used. However, this is not the case with previous Oracle JRockit versions.
Severity: Warning
Rationale: Administration
Description: Sometimes, XAER_NOTA occurs during processing of a global transaction.
Severity: Warning
Rationale: Administration
Description: When running Oracle JRockit R27.1.0 with the load environment, the JVM detects a false positive Java-level deadlock, as follows:[deadlocked thread] [ACTIVE] ExecuteThread: '334' for queue:'weblogic.kernel.Default (self-tuning)': - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Thread '[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)'' is waiting to acquire lock'weblogic.messaging.kernel.internal.QueueImpl@43fbf06' that is held by thread'[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)''After this, the Server state is changed to FAILED. This thread is unblocked already in the next thread dump that is taken automatically by the core health monitoring system.
Severity: Warning
Rationale: Administration
Description: Calls of isConnected on SSLLayeredSocket always results in a socket not connected indication. This is now fixed and isConnected returns the true connected state of the socket.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: Calls of isConnected on SSLLayeredSocket always results in a socket not connected indication. This is now fixed and isConnected returns the true connected state of the socket.This problem, described in Oracle Bug 8187246, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: With JRockit R27.4.0, when an Oracle WebLogic Server cluster peer attempts to synchronize with a peer, a java.lang.ClassCastException is raised in DistributedDestinationImpl.java, without a successful cluster peer synchronization.For example, the following stack trace excerpt occurred in an Oracle WebLogic Portal 8.1 Maintenance Pack 3 cluster domain with JRockit 142_15 (R27.4.0) and migratable JMS Servers configured for managed servers. During the start up of managed servers, the following exception was raised:...java.lang.ClassCastException: weblogic.rmi.internal.CBVOutputStream$CBVObjectOutputStream at weblogic.jms.common.DistributedDestinationImpl.writeExternal(DistributedDestinationImpl.java:328) at...
Severity: Warning
Rationale: Administration
Description: The specification "precompile-continue=true" does not function.If you specify the following: <precompile>true</precompile> <precompile-continue>true</precompile-continue>- the application should continue to compile and deploy, even when compilation errors exist in the .jsp files. However, the actual behavior is as if "precompile-continue" was not specified. Errors are reported, and the application does not deploy.This problem, described in Oracle Bug 8083879, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When using wlcompile and wlappc for the split directory environment, the build script is failing with the following error message:BUILD FAILEDbuild.xml:45: weblogic.utils.compiler.ToolFailureException: No EJBs found in the ejb-jar file 'wlTestEjb'. Please ensure the ejb-jar contains EJB declarations via an ejb-jar.xml deployment descriptor or at least one class annotated with the @Stateless, @Stateful or @MessageDriven EJB annotation. at weblogic.ant.taskdefs.j2ee.CompilerTask.invokeMain(CompilerTask.java:299)...
Severity: Minor Warning
Rationale: Administration
Description: When using wlcompile and wlappc for the split directory environment, the build script is failing with the following error message:BUILD FAILEDC:\projects\development\mves\wlTest\ant\build.xml:45: weblogic.utils.compiler.ToolFailureException: No EJBs found in the ejb-jar file 'wlTestEjb'. Please ensure the ejb-jar contains EJB declarations via an ejb-jar.xml deployment descriptor or at least one class annotated with the @Stateless, @Stateful or @MessageDriven EJB annotation. at weblogic.ant.taskdefs.j2ee.CompilerTask.invokeMain(CompilerTask.java:299) at...This problem, described in Oracle Bug 8171601, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2
Severity: Minor Warning
Rationale: Administration
Description: A wlfullclient.jar file is not included in the Oracle WebLogic Server 10.0 and later installations.From Oracle WebLogic Server 10.0 onwards Oracle has stopped providing the wlfullclient.jar file.Oracle suggests you to use the Oracle WebLogic Server JarBuilder Tool Programming for Standalone Clients.Creating a wlfullclient.jar file for a client application:Use the following steps to create a wlfullclient.jar file for a clientapplication:1. Change directories to the server/lib directory.cd WL_HOME/server/lib2. Use the following command to create a wlfullclient.jar file in the server/lib directory:java -jar ../../../modules/com.bea.core.jarbuilder_1.0.0.0.jar3. Add the wlfullclient.jar file to the client application's classpath
Severity: Minor Warning
Rationale: Administration
The compliance rules for the All Wls V11 Rules standard follow.
Description: Your Administration Server is hosting applications other than Oracle system applications. Oracle recommends hosting these applications only on the managed servers within your domain. The only applications that should be deployed to your Administration Server are Oracle applications (for example, the Oracle WebLogic Server Administration Console and Oracle agents).
Severity: Warning
Rationale: Administration
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>Will see a StackOverflowError in the logs as a symptom of this problem.
Severity: Critical
Rationale: Server Outage
Description: A stateless session bean with max-beans-in-free-pool=1 and initial-beans-in-free-pool=1 is deployed on a cluster (consist of two managed servers).The reason for only having one instance in the pool is due to customer's application restrictions.After several hours and over 100000 incoming requests the bean instance goes into waiting state.Since there is only one bean in the pool, this effectively hangs all incoming calls.In the Oracle WebLogic Server admin console it shows 1 instance in the bean pool, 0 beans in use, and 1 waiting incoming request.This problems occurs 2-3 times every day, and the servers have to be restarted.
Severity: Warning
Rationale: Subsystem Outage
Description: For Oracle WebLogic Server 10.3 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.
Severity: Critical
Rationale: Server Outage
Description: For Oracle WebLogic Server 10.3 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.This problem, described in Oracle Bug 8179501, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Server Outage
Description: JMS Uniform Distributed Topic does not behave as expected when upgrading from Oracle WebLogic Server 10.3.2 to 10.3.3. JMS Topic messages are not being delivered to clients if there is a Distributed JMS Topic, multiple subscribers with the same username are connected to the Topic, and the topic has a security constraint where only a particular user can receive the results.
Severity: Warning
Rationale: Development
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: When using Oracle WebLogic Server 10.3 and load testing an application that uses Web Services and JMS, a deadlock occurs after several hours of load testing the application. Oracle WebLogic Server finally stops replying over HTTP.
Severity: Warning
Rationale: Subsystem Outage
Description: When using Oracle WebLogic Server 10.3 and load testing an application that uses Webservices and JMS, a deadlock occurs after several hours of load testing the application. Oracle WebLogic Server eventually stops replying over HTTP.This problem, described in Oracle Bug 8445786, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The following Java class should produce TRUE for Integer values within the range(-128...+127). However, with Oracle JRockit releases R27.2.X and R27.3.X, this may return FALSE.public class Test { public static void main(String[] args) { Integer i1 = 4, i2 = 4; System.out.println(i1 == i2); }}
Severity: Minor Warning
Rationale: Development
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS, respectively. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Under certain circumstances security policies may not be enforced for web services.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in Oracle WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Server may allow access to source code of web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: WebLogic Server web services security was strengthened.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Bad Certificate Error is thrown during NodeManager startup.Workaround or Apply patch: 1. Use JDK 1.6.0_12 or lower. 2. Copy cacerts from WL_HOME/server/lib directory to JDK_HOME/jre/lib/security/ Installers, updates, patches and more information are available at support.oracle.com.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Bad Certificate Error is thrown during NodeManager startup.Workaround: 1. Use JDK 1.6.0_12 or lower. 2. Copy cacerts from WL_HOME/server/lib directory to JDK_HOME/jre/lib/security/This problem, described in Oracle Bug 8715553, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.4.2_12. This issue affects sites using the three letter abbreviations for the deprecated DST timezone denotations, when using any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string. For example, the zoneStrings[][] array defines "EST" before "America/New_York" and so sets the timezone for the parser to the EST zone, which is now unaware of DST.
Severity: Warning
Rationale: Not Complying with Specifications
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.5.0_08. This issue only affects sites using three-letter abbreviations of DST times zones denotations, which have been deprecated, and any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.The bug will only have an impact if and only if the application is using the deprecated denotation of three-letter abbreviations for US timezones (for example, EST, MST, or HST).
Severity: Warning
Rationale: Not Complying with Specifications
Description: A cluster has the Oracle WebLogic Plugin enabled, but the FrontEndHost server setting has not been specified. Oracle WebLogic Server uses this setting to specify the host for HTTP responses. If no FrontEndHost server has been specified, Oracle WebLogic Server uses the hostname of the server that processed the request.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: Compaction of objects is the process of moving objects closer to each other in the heap, thus reducing the fragmentation and making object allocation easier for the JVM. Oracle JRockit compacts a part of the heap at each garbage collection (or old collection, if the garbage collector is generational).It has been observed in Oracle JRockit releases R27.3.1 and R27.4.0 that the compaction is being aborted when it should not be aborted due to the counter not being set to 0 between Garbage Collections.In some cases, the counter will continue to increase until it grows too large, leading to an aborted compaction. Since it is not set to 0, all the following Garbage Collections will be aborted as well.
Severity: Warning
Rationale: Performance
Description: A connection pool has been set up to perform all of the following tests:* TestOnCreate* TestOnReserve* TestOnReleaseAs a result of enabling all three of these settings, the connection will be tested when it is retrieved from the pool and then again when it is put back into the pool. This can lead to performance issues in JDBC access code.
Severity: Minor Warning
Rationale: Performance
Description: When Production Mode is enabled or disabled with the command line option "-Dweblogic.ProductionModeEnabled=[true
Severity: false]" but the setting does not agree with the config.xml "ProductionMode" setting, the Adminstration Console may show incorrect values for some configuration options. This can occur for any configuration options for which the default values for production mode differ from the default values for development mode.Note: Command line overrides are not persisted in config.xml. The Administration Console shows the configuration attribute values and defaults that correspond to the persisted version in the config.xml file.
Rationale: Warning
Description: When a Message Driven Bean (MDB) is deployed on a multiserver domain and is listening on a distributed queue, and the MDB is configured to connect to all of the distributed queue members. However, if a remote distributed queue member server is restarted, the deployed MDB server does not reconnect with the remote distributed queue member server.
Severity: Warning
Rationale: Subsystem Outage
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump. Java stack information: =================================================== "[ACTIVE] ExecuteThread: '46' for queue: 'weblogic.kernel.Default (self-tuning)'": at weblogic.deployment.jms.JMSSessionPoolTester.run(JMSSessionPoolTester.java:515) - waiting to lock &lt;0x07dca908&gt; (a weblogic.deployment.jms.JMSSessionPoolTester) - locked &lt;0x07bfe8e0&gt; (a weblogic.deployment.jms.JMSSessionPool) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) "[ACTIVE] ExecuteThread: '45' for queue:
Severity: Minor Warning
Rationale: Server Outage
Description: When generating a webservice using JAX-RPC 1.1 with document style from a Web Service Definition Language (WSDL) file, the customer is getting the following error: [jwsc] [ERROR] - A document style operation must not have a non header INOUT or OUT Parameter.
Severity: Critical
Rationale: Development
Description: When generating a webservice using JAX-RPC 1.1 with document style from a Web Service Definition Language (WSDL) file, you may see the following error: [jwsc] [ERROR] - A document style operation must not have a non header INOUT or OUT Parameter.This problem, described in Oracle Bug 9340163, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Development
Description: In Oracle WebLogic Server 8.1 Maintenance Pack 5, it was possible to disable the writing of system properties to the Oracle WebLogic Server log file by using the -Dweblogic.management.noLogSystemProperties=true parameter.However, after upgrading to Oracle WebLogic Server 9.x, this setting no longer has any effect.
Severity: Minor Warning
Rationale: Performance
Description: An incorrect dynamic Web Service Definition Language (WSDL) location address is generated when a Web service is deployed on a cluster with multiple front-end hosts and ports. A new property, weblogic.wsee.useRequestHost, has been introduced in Oracle WebLogic Server 9.2.1 that allows generation of the WSDL location address either from the host header or by following the topology design.
Severity: Minor Warning
Rationale: Administration
Description: Problem Statement: EJB3 Web Service fails to compile when using static nested class.Issue Clarification: A stateless EJB3 annotated as a JAX-WS Web Service fails to compile when using a static nested class as a parameter. 1. user-defined data that contains static nested class public class Outer { public static class Inner { } } 2. stateless EJB3 annotated JAX-WS Web service @Stateless @WebService( name = "Simple", portName = "SimpleEJBPort", serviceName = "SimpleEjbService", targetNamespace = "http://www.bea.com/wls/samples") public class SimpleEjbImpl { public String sayHello(Outer.Inner inner) { return "Hello"; } }
Severity: Minor Warning
Rationale: Development
Description: If it has to refresh both the query cache and entity cache, Eager Refresh of Read-Only Entity Beans takes a long time. Eager refresh initiated by the container can restrict the refresh to only the entity cache, and the query cache will get updated only when the normal application executes the query in its code path.
Severity: Minor Warning
Rationale: Performance
Description: ejbHomeQuery causes NullPointerException in the EJB container.
Severity: Minor Warning
Rationale: Administration
Description: ejbHomeQuery causes NullPointerException in the EJB container.This problem, described in Oracle Bug 8115318, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Enabling Oracle WebLogic Tuxedo Connector Debug shows "DEBUG" messages as info in the logs rather than "DEBUG" even after setting log severity to DEBUG.
Severity: Warning
Rationale: Administration
Description: As of June 30, 2005, Microsoft has announced the end of mainstream support for the following platforms:* Windows 2000 Server* Advanced Server* Datacenter ServerOracle will continue supporting Oracle applications (for example Oracle JRockit on these platforms) at least through December 2006. A final notice of the end of support for Oracle JRockit on Windows 2000 will appear at least 12 months before the actual end of support.Note: Support for any Windows-specific issues must addressed by Microsoft via their extended support services.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle stopped supporting Red Hat Linux 2.1 on April 30, 2006.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Enhancement to add deployment descriptor to turn off passivation/activation during replication of Stateful Session Bean (SFSB) in cluster.A new flag <passivate-during-replication> is added to weblogic-ejb-jar.xml. This flag is part of <stateful-session-descriptor> as below:<!ELEMENT stateful-session-clustering ( home-is-clusterable?, home-load-algorithm?, home-call-router-class-name?, use-serverside-stubs?, replication-type?, passivate-during-replication?)>Set the flag to 'false' to avoid passivation/activation during SFSB replication. The default value for the flag is 'true'.
Severity: Minor Warning
Rationale: Administration
Description: When a new Entity bean has been created with a primary key ID of sequence generator int type, attempts to persist this bean as part of a global transaction will fail with a javax.ejb.EJBException if a nontransactional datasource is used.No issues will be encountered if the annotation is removed from the Primary Key value, or if the uid-string generator is used and the field type changed to String.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In Oracle JRockit R27.1, the class bytes preprocessing facility was changed to allow for recursive preprocessing. This meant that a class preprocessor instance that was currently doing class preprocessing and through this caused a new class to be loaded would be recursively called with the new class bytes. This caused failures in some existing preprocessor implementations that relied on the old behavior of JRockit R27.1. In Oracle JRockit R27.5, this has been reverted. A thread doing class preprocessing will now silently refuse to preprocess any types created by executing the preprocessor itself.For example, in Oracle SOA Manager (ALSM), the error "Nanoagents not loading" occurs when used with Oracle JRockit R27.3.1.
Severity: Warning
Rationale: Subsystem Outage
Description: JMS proxy using local foreign JMS server configuration with credentials given is not able to connect to the remote system.
Severity: Warning
Rationale: Subsystem Outage
Description: When you insert the control manually, you get a 'nullPointerException' when running the servlet.In Oracle Workshop for WebLogic 10.0 there is no direct procedure to call a control from a Java class, but there are the workarounds available. See the Remedy section.
Severity: Minor Warning
Rationale: Development
Description: Using global multicast addresses between 230.0.0.1 and 239.192.0.0 causes cluster issues. For example, the JMS destination may not replicate to all members of the cluster although the JNDINameReplicated attribute is set to "true."
Severity: Warning
Rationale: Administration
Description: By default, Oracle WebLogic Server does not check for Group circularity for any externally configured LDAP Authenticators (iPlanet, Active Directory, Novell, Open LDAP, etc.).Circular reference:Group A is a member of Group BGroup B is a member of Group AWhen a group circularity exists in the backend LDAP, so many LDAP connections are created (due to the backend LDAP group having itself as a member), that a server crash can result.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: IBM JDK 64 bit is not supported for all versions of Oracle WebLogic Server. Oracle will provide support to the best of its ability. You may be advised to revert to a supported JVM configuration if you encounter an Oracle issue that appears to be JVM-related.
Severity: Warning
Rationale: Administration
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: In rare cases, external compaction can cause very long pause times when attempting to move a large object from the highest heap parts, if the heap is fragmented.
Severity: Warning
Rationale: Performance
Description: When a Web Service uses inner classes as data types to a web method the resulting types are incorrect in the Web Service Definition Language (WSDL) produced by JWSC.
Severity: Critical
Rationale: Server Outage
Description: Customers reported NoSuchElementException under load for jaxws client with SAML configurations. The problem is resolved now, by isolating the critical section and synchronizing the same to avoid this problem.
Severity: Minor Warning
Rationale: Administration
Description: A NoSuchElementException error has been reported under load for jaxws client with SAML configurations. The problem is resolved now by isolating the critical section and synchronizing the same to avoid this problem.This problem, described in Oracle Bug 8183459, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: After a JMS server was auto-migrated to a non-user preferred server, the JMS server's runtime monitoring view in the Admin console does not work correctly. The "does not work correctly" message means there are no destinations in the "Active Destinations" even if destinations exist.
Severity: Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: A crash can occur in Oracle JRockit 1.4.2_0 when calling remote web services, causing a NullPointerException in the native code.The following is an example thread stack trace: - - - - - - - - - -Error code: 52Error Message: Null pointer exception in native codeSignal info : si_signo=11, si_code=2 - - - - - - - - - -Thread Stack Trace: at org/apache/axis/message/MessageElement.addTextNode(MessageElement.java:1388)@0xa77c3ae0 at org/apache/axis/message/SOAPHandler.addTextNode(SOAPHandler.java:148)@0xa77ea0d6 at org/apache/axis/message/SOAPHandler.endElement(SOAPHandler.java:112)@0xa77ea8ed at org/apache/axis/encoding/DeserializationContext.endElement(DeserializationContext.java:1087)@0xa77ea468
Severity: Warning
Rationale: Administration
Description: Application Java Byte code produces wrong date when it is compiled with Oracle JRockit 1.5.0_08 R27.1.0For example when using java.util.Calendar:calendar.set(Calendar.MONTH, (calendar.get(Calendar.MONTH) - 1));and when we print Calendar.getTime() the wrong value for month is returned.System.out.println("DATE: " + calendar.getTime());
Severity: Warning
Rationale: Development
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageExceptionThis problem, described in Oracle Bug 8116840, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageException
Severity: Warning
Rationale: Administration
Description: The Heap Snapshot table on the Heap Overview tab appears to be configurable, but is not.
Severity: Minor Warning
Rationale: Administration
Description: The Memory Usage data on the General tab and the Optimization data on the Optimization tab of JRockit Mission Control's JRA window cannot be copied to the clipboard using the right click context menu. This works for the other data fields in JRockit Mission Control.
Severity: Minor Warning
Rationale: Administration
Description: When a Java application that has inline calculation in the array access is deployed on a Oracle WebLogic Server with Oracle JRockit R26.4.0-JDK1.5.0_06, a crash can occur.The error message is as follows:Error Message: Illegal memory access. [54]Signal info : si_signo=11, si_code=1
Severity: Warning
Rationale: Administration
Description: 1. If you create two faces-config.xml files for a Web application2. Each faces-config.xml file registers one managed bean classWhere:Each managed bean class has a method that injects a stateless EJB (Enterprise Java Bean) with a local interface (EJB 3.0).Result:You get an NPE (Null Pointer Exception) when you visit one of the faces (for example, h1.jsf), because the stateless EJB cannot be injected.
Severity: Warning
Rationale: Development
Description: If you create two 'faces-config.xml' files for a Web application, and each faces-config.xml file registers one managed bean class, each managed bean class has a method that injects a stateless EJB (Enterprise Java Bean) with a local interface (EJB 3.0), then you get an NPE (Null Pointer Exception) when you visit one of the faces (for example, h1.jsf), because the stateless EJB cannot be injected.This problem, described in Oracle Bug 8691274, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: The following error occurs when starting the managed server with 1.4.1_X JVM:"weblogic.utils.AssertionError: ***** ASSERTION FAILED *****[ invalid assignment from 'Object' to 'Object' ] at weblogic.utils.Debug.assertion(Debug.java:57)"The managed server startup failures due to weblogic.utils.AssertionError is because of JVM HotSpot optimizations. This is a JVM issue.
Severity: Minor Warning
Rationale: Administration
Description: A crash can happen while executing Oracle JRockit R27.X parallel garbage collection(-Xgc:parallel )objPoolMarkAllWeak function passes a null object to refResweepWeakHandle, giving a Tread Stack Trace as the following one: at refResweepWeakHandle+117()@0xb7d0f245 at objPoolMarkAllWeak+630()@0xb7ce03a6 ...This can be observed mostly using JVMTI agent.
Severity: Minor Warning
Rationale: Administration
Description: Using globally scoped Work Manager in Oracle WebLogic Server 10.x and the dispatch-policy element of the WebLogic Enterprise bean in weblogic-ejb-jar.xml, the Message Driven Bean (MDB) fails to connect to the destination throwing:The Message-Driven EJB: WMTestMDB is unable to connect to the JMS destination: queue.cap.TestQueue. The Error was: java.lang.NegativeArraySizeException: allocArray>The error is:1. Seen when Maximum Threads Constraint Count = -1 (default value).2. NOT seen if application scoped work manager used.To avoid this problem, use:1. Application scoped work manager.2. A positive integer for Maximum Threads Constraint Count != -13. A global work manager, delete the Maximum Threads Constraint.
Severity: Minor Warning
Rationale: Administration
Description: When an Oracle WebLogic Server cluster has been configured on a Solaris 10 box(es), Managed Server instance(s) may periodically drop in and out of the cluster.Even though the server instances automatically rejoin the cluster, there will be lost multicast messages, and response time will be impacted due to the increased cluster housekeeping being required (for example, increased failover of requests or additional session replication needing to be carried out). This will then result in slower performance being seen by the end user/client.This issue is seen only on Solaris 10, regardless of the version of Oracle WebLogic Server being used.
Severity: Warning
Rationale: Performance
Description: Message bridge does not forward messages after server restart via console until it (message bridge) is restarted again.This problem, described in Oracle Bug 8131966, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Method ejbTimout() in superclass is not recognized.java.lang.IllegalStateException: [EJB:011084]This EJB class does not support EJB timers and therefore is prohibited from using the TimerService.To use EJB timers, the bean class must implement javax.ejb.TimedObject or have a method annotated with @Timeout. at weblogic.ejb.container.internal.BaseEJBContext$1.invoke(BaseEJBContext.java:429)...
Severity: Minor Warning
Rationale: Development
Description: Method ejbTimout() in superclass is not recognized. With Oracle WebLogic Server 9.1, this works fine. With Oracle WebLogic Server 10.3, the server throws the following exception:java.lang.IllegalStateException: [EJB:011084]This EJB class does not support EJB timers and therefore is prohibited from using the TimerService.To use EJB timers, the bean class must implement javax.ejb.TimedObject or have a method annotated with @Timeout. at weblogic.ejb.container.internal.BaseEJBContext$1.invoke(BaseEJBContext.java:429) ...This problem, described in Oracle Bug 8120098, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: The multicast address must be between 224.0.0.0 and 239.255.255.255.
Severity: Warning
Rationale: Subsystem Outage
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518) weblogic.work.ExecuteThread.execute(ExecuteThread.java:207) weblogic.work.ExecuteThread.run(ExecuteThread.java:179)The thread is RUNNABLE and holds the lock on a MessageHandle.
Severity: Minor Warning
Rationale: Administration
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518)The thread is RUNNABLE and holds the lock on a MessageHandle.This problem, described in Oracle Bug 8112849, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: During the server startup the performance pack or native IO should be loaded if NativeIOEnabled switch is turned on. If this does not occur, usually the library path is not set correctly or the user rights for the directory or performance pack library file are not set properly.
Severity: Warning
Rationale: Performance
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: Unable to monitor the MDB Durable Subscriber in the Oracle WebLogic Server Administration Console.
Severity: Minor Warning
Rationale: Development
Description: Running with Oracle JRockit 1.5.0_08(R27.1.0) and getting a NullPointerException in java.nio.DirectByteBuffer._get()Following is the stack trace along with the NPE thrown,java.lang.NullPointerException:java.nio.DirectByteBuffer._get(Unknown Source)java.nio.Bits.getIntL(Unknown Source)java.nio.Bits.getInt(Unknown Source)java.nio.HeapByteBuffer.getInt(Unknown Source)
Severity: Warning
Rationale: Administration
Description: A NullPointerException is reported by JWSC (Java Web Service compiler) if portName in the implementation class does not match with the portName in Web Service Definition Language (WSDL).Sample error message:java.lang.NullPointerExceptionat weblogic.wsee.tools.anttasks.JwscTask.execute(JwscTask.java:190)at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)at org.apache.tools.ant.Task.perform(Task.java:364)at org.apache.tools.ant.Target.execute(Target.java:341)at org.apache.tools.ant.Target.performTasks(Target.java:369)at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)at org.apache.tools.ant.Project.executeTarget(Project.java:1185)...
Severity: Warning
Rationale: Development
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: Oracle JRockit 5.0 - file.encoding does not work on Linux - instead the default system settings are usedIn java versions prior to 5.1 (or 1.5), the system property -D file.encoding defined an encoding that will be used by FileReader / FileWriter. This is still true for Sun Hotspot 1.5 and also for Oracle JRockit 5.0 on Windows.However, on Linux, setting the system property -Dfile.encoding does not have any effect on FileReader / FileWriter They take their encoding from the system default settings.This problem only happens on Linux - not on Windows.
Severity: Warning
Rationale: Administration
Description: In Oracle JRockit R26 versions earlier than R26.4 on Windows operating systems, Oracle JRockit can expose a problem in the OS related to multimedia timers that causes the system time to be adjusted backwards.This can cause the system time to jump back by about 1 minute. If this happens, you can turn off the use of multimedia timers with -Djrockit.periodictask.usemmtimers=false, otherwise upgrade to R26.4 or later.
Severity: Warning
Rationale: Administration
Description: For JRockit releases R26.4 and R27, if a thread was interrupted for garbage collection while it was in the process of copying an array, then the garbage collection may result in very long pauses.
Severity: Warning
Rationale: Performance
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: Oracle does not support Oracle JRockit running on the ELhugemem kernel.The ELhugemem kernel had been intended as a stopgap measure until 64-bit kernels, which are a better choice, became readily available. An example of problems with the ELhugemem kernel is 5-10 percent performance loss under normal I/O and even greater performance degradation when more calls are made into the kernel (for example, heavy I/O).
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server is running on an AIX platform and is configured with IIOP enabled. Please note that the thin client is not supported for this configuration.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: The application fails when being accessed at first. Once Oracle WebLogic Server is rebooted, the server can be accessed successfully. ParseException occurs while deploying an EAR that has a Kodo connector.
Severity: Critical
Rationale: Server Outage
Description: The application fails when being accessed at first. Once Oracle WebLogic Server is rebooted, the server can be accessed successfully. ParseException occurs while deploying an EAR that has a Kodo connector.This problem, described in Oracle Bug 8979755, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Server Outage
Description: When using Oracle WebLogic Integration 9.2 Maintenance Pack 1/Maintenance Pack 2, if input XML contains nested CDATA, parsing of this document results in some missing characters from the original input data.For example, the following line is part of the input XML:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category> ] ] >Parsing results in the following line:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category>] ] >Note the two missing characters at the end of the line (after Category '>' becomes '>').
Severity: Minor Warning
Rationale: Administration
Description: Typically, each Oracle patch corresponds to a specific version of Oracle WebLogic Server. Using a patch that is designated for a different version of Oracle WebLogic Server may result in failures or incorrect behavior.
Severity: Warning
Rationale: Administration
Description: Benchmarks show major performance improvements when native performance packs are used on machines that host Oracle WebLogic Server instances. Performance packs use a platform-optimized, native socket multiplexor to improve server performance.
Severity: Minor Warning
Rationale: Administration
Description: If a thread requires a connection from a JDBC pool and no connection is available, the thread must wait until one becomes available. At some point in time, a connection pool in your domain had a number of requests waiting for a connection, which may impact the performance of waiting threads.
Severity: Warning
Rationale: Performance
Description: The use of a prepared statement or callable statement in an application or EJB creates a considerable processing overhead for the communication between the application server and the database server and on the database server itself.To minimize these processing costs, Oracle WebLogic Server can cache the prepared and callable statements that are used in your applications. When an application or EJB calls any of the statements stored in the cache, Oracle WebLogic Server reuses the cached statement. Reusing these statements reduces CPU usage on the database server, which improves the performance of the current statement and leaves the CPU available for other tasks.
Severity: Warning
Rationale: Performance
Description: The domain is running in production mode, but the HostnameVerification property has been disabled. When the HostnameVerification attribute has been disabled, Oracle WebLogic Server no longer ensures that the certificate received from a remote site matches the DNS name when making a remote SSL connection. This leaves the connection vulnerable to a "man in the middle" attack.
Severity: Warning
Rationale: Administration
Description: Reading an environment variable in a WebLogic Scripting Tool script under Windows 2003 does not work. wls:/offline> import os wls:/offline> sys.version '2.1' wls:/offline> os.environ['WL_HOME'] Failed to get environment, environ will be empty: (0, "Failed to execute command (['sh', '-c', 'env']): java.io.IOException: CreateProcess: sh -c env error=2")
Severity: Minor Warning
Rationale: Subsystem Outage
Description: A ResourceAccessException from a JTA sub-system while delivering a message causes the message to stay in the pending state permanently until a server restart.javax.transaction.SystemException: start() failed on resource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01': XAER_RMERR : A resource manager error has occured in the transaction branch weblogic.transaction.internal.ResourceAccessException: Transaction has timed out when making request to XAResource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01'. at weblogic.transaction.internal.XAResourceDescriptor.startResourceUse(XAResourceDescriptor.java:712)...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: SAF is discarding messages causing message loss.
Severity: Critical
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.
Severity: Minor Warning
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.This problem, described in Oracle Bug 8118031, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When propagating the security context in the form of an SAML assertion between consumer and producers, and if using both JAX-RPC and JAX-WS and both SAML1 and SAML2, on the Producer side the SAMLIdentityAssertionNameMapper must check the groups, and possibly remove old groups or add new ones. This was possible with a SAML1 custom SAMLIdentityAssertionNameMapper, through the "mapGroupInfo" method. However, with SAML2 this is not possible. This is because in the "mapNameInfo" method of the SAML2IdentityAsserterNameMapper interface, the passed SAML2NameMapperInfo always returns NULL, when calling the 'getGroups()' method. This is true even if the groups are available in the SAML assertion and will be correctly added to the security context afterwards.
Severity: Minor Warning
Rationale: Administration
Description: When generating SNMP Traps from a SIP Servlet using SipServletSnmpTrapRuntimeMBean in conjunction with CommonJ timers, the traps fail with NullPointerExceptions. Without CommonJ timers, the traps work as expected.
Severity: Warning
Rationale: User Viewable Errors
Description: This is required to support SSL socket connection timeout using out-of-the-box (JRockit) JVM.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: This is required to support SSL socket connection timeout using out-of-the-box (JRockit) JVM.This problem, described in Oracle Bug 8183018, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied..Every ExecuteThread becomes as follows:."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)
Severity: Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied..Every ExecuteThread becomes as follows:."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)This problem, described in 8636905, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: A web application is deployed to a cluster, and the session cookie has been modified from the default (JSESSIONID). If the application is being accessed by means of a webserver running the Oracle WebLogic plugin, and the configuration has not been updated, the plugin may route Oracle WebLogic Server requests incorrectly.
Severity: Minor Warning
Rationale: Administration
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: Some signatures require runtime MBeans to be created for Session Monitoring, in order to collect MBean data. If Session Monitoring is not enabled, data collection may be erratic or incomplete.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: Recent changes to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling. The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.For example, the zoneStrings[][] array defines "EST" before "America/New_York" so sets the timezone for the parser to the now non-DST aware "EST" zone.This issue only affects sites using the these three-letter abbreviations of DST times zones denotations, which have been deprecated, and any of the following versions of the Sun JDK:* Sun JDK 1.6* Sun JDK 1.5.0_08 and later* Sun JDK 1.4.2_12 and later
Severity: Warning
Rationale: Not Complying with Specifications
Description: Typically, a dollar sign ("$") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. As a result, the property may not have the desired effect.
Severity: Warning
Rationale: Administration
Description: Typically, a percent sign ("%") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. Therefore, the property may not be having the desired effect.
Severity: Warning
Rationale: Administration
Description: The Published Site URL for SAML2 must end with the string "/saml2" (without quotes) or SAML2 will not function properly. In addition, the published site URL must be the URL of the server that is configured for SAML2, for both the Identity Provider (IdP) and Service Provider (SP). This affects only SAML2.
Severity: Minor Warning
Rationale: Administration
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.
Severity: Minor Warning
Rationale: Administration
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.This problem, described in Oracle Bug 8093561, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The following stacktrace is obtained when trying to setMonitoredAttributeName for SNMPGaugeMonitor on Solaris platform:Caught java.lang.RuntimeException: Timed out waiting for completionjava.lang.RuntimeException: Timed out waiting for completion at weblogic.management.provider.internal.ActivateTaskImpl.waitForCompletion(ActivateTaskImpl.java:374) at weblogic.management.provider.internal.ActivateTaskImpl.waitForTaskCompletion(ActivateTaskImpl.java:349) ...
Severity: Warning
Rationale: Administration
Description: The "Too Many Open Files" error usually occurs after several concurrent users get a connection to the Server. Java opens many files in order to read in the classes required to run your application. High volume applications can use a lot of file descriptors. This could lead to a lack of new file descriptors. Also, each new socket requires a descriptor. Clients and Servers communicate via TCP sockets. Each browser's HTTP request consumes TCP sockets when a connection is established to a Server. Limiting the number of open sockets allowed prevents your server from running out of file descriptors.
Severity: Warning
Rationale: Performance
Description: MaxHTTPMessageSize, MaxT3MessageSize, and MaxCOMMessageSize are deprecated since Oracle WebLogic Server 8.1. Instead of using these protocol specific parameters, use separate network channels configured with a MaxMessageSize to limit the incoming messages.
Severity: Minor Warning
Rationale: Administration
Description: If you use a Sybase database with Oracle JRockit R27.1, R27.2, or R27.3, under high load the Sybase JDBC Connection Pool becomes disabled, with the following error:"java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0EM: End of data."
Severity: Warning
Rationale: Subsystem Outage
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: JRockit throws a divide by zero ArithmeticException when opening a file other than a JRA recording or a corrupted JRA recording. This issue has been fixed in JRockit R27.5.0. Here is an example error message:java.lang.ArithmeticException: / by zero at com.jrockit.jra.model.MemoryInfo.getAllocationFrequencySmallObjects(MemoryInfo.java:415) at com.jrockit.mc.jra.ui.general.GeneralContent.getFieldData(GeneralContent.java:129) at com.jrockit.mc.jra.ui.general.MiscSectionPart.createClient(MiscSectionPart.java:39) at com.jrockit.mc.jra.ui.sections.InfoSectionPart.initialize(InfoSectionPart.java:81) ...
Severity: Minor Warning
Rationale: Administration
Description: On the producer side, messages like the following are logged at each call, even when -Dweblogic.wsee.verbose is not set:<WSEE:14>Trying to validate identity assertion token http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0<SecurityMessageInspector.inspectIdentity:629><WSEE:14>Validated identity assertion token http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0<SecurityMessageInspector.inspectIdentity:632>saml2namemapperinfo=com.bea.security.saml2.providers.SAML2NameMapperInfo@2d24dfa<WSEE:14>Trying to validate identity assertion token http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0<SecurityMessageInspector.inspectIdentity:629>
Severity: Minor Warning
Rationale: Administration
Description: On the producer side, the following messages were logged at each call, even when -Dweblogic.wsee.verbose is not set:<WSEE:14>Trying to validate identity assertion token http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0<SecurityMessageInspector.inspectIdentity:629><WSEE:14>Validated identity assertion token http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0<SecurityMessageInspector.inspectIdentity:632>saml2namemapperinfo=com.bea.security.saml2.providers.SAML2NameMapperInfo@2d24dfa...Oracle Bug 8184141 has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 1
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server Administration Console running Oracle WebLogic Tuxedo Connector (WTC) does not allow the creation of more than three Remote Access Points to Tuxedo. Adding more than three connections will typically fail with the error displaying in the Oracle WebLogic Server log file: Could not create a TDMImport Remote access point cannot have more than three elements.
Severity: Minor Warning
Rationale: Administration
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.
Severity: Minor Warning
Rationale: Administration
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.This problem, described in Oracle Bug 8125231, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP2 and higher is required for Oracle JRockit 1.4.2_03 through 1.4.2_11
Severity: Warning
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
Description: The users in the Administration Console (Security Realms > myrealm > Users and Groups) are not visible when Oracle JRockit R27.4.0 is used. However, this is not the case with previous Oracle JRockit versions.
Severity: Warning
Rationale: Administration
Description: If you are using ALBPM 6.0.4 on Oracle WebLogic Server 10.3 and have ALBPM processes with Global Automatic Activities, these Global Automatic Activities listen to JMS queues for messages. You may not notice any consumers on some queues after server startup.This problem, described in Oracle Bug 8176788, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Server Outage
Description: If you are using ALBPM 6.0.4 on Oracle WebLogic Server 10.3, and if you have ALBPM processes that contain Global Automatic Activities, then these Global Automatic Activities listen to JMS queues for messages.In ALBPM 6.x implementation, the engine implements this type of Global Automatic Activity by scheduling a work item with the WorkManager (default or custom). The WorkManager runs the work item in one of its threads. The work item, when executed, dynamically creates a JMS queue consumer that represents a Global Automatic Activity.The issue is that you may not notice any consumers on some queues after server start up.
Severity: Critical
Rationale: Server Outage
Description: When running Oracle JRockit R27.1.0 with the load environment, the JVM detects a false positive Java-level deadlock, as follows:[deadlocked thread] [ACTIVE] ExecuteThread: '334' for queue:'weblogic.kernel.Default (self-tuning)': - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Thread '[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)'' is waiting to acquire lock'weblogic.messaging.kernel.internal.QueueImpl@43fbf06' that is held by thread'[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)''After this, the Server state is changed to FAILED. This thread is unblocked already in the next thread dump that is taken automatically by the core health monitoring system.
Severity: Warning
Rationale: Administration
Description: With JRockit R27.4.0, when an Oracle WebLogic Server cluster peer attempts to synchronize with a peer, a java.lang.ClassCastException is raised in DistributedDestinationImpl.java, without a successful cluster peer synchronization.For example, the following stack trace excerpt occurred in an Oracle WebLogic Portal 8.1 Maintenance Pack 3 cluster domain with JRockit 142_15 (R27.4.0) and migratable JMS Servers configured for managed servers. During the start up of managed servers, the following exception was raised:...java.lang.ClassCastException: weblogic.rmi.internal.CBVOutputStream$CBVObjectOutputStream at weblogic.jms.common.DistributedDestinationImpl.writeExternal(DistributedDestinationImpl.java:328) at...
Severity: Warning
Rationale: Administration
The compliance rules for the All Wls V9 Rules standard follow.
Description: In Oracle WebLogic Server 9.2, a NullPointerException occurs on the server side when a registered listener has a Oracle WebLogic Server Timer with a fixed rate.
Severity: Minor Warning
Rationale: Administration
Description: The LogBroadcaster fails to broadcast log messages when the log message is large. Messages bigger than 64k fail to be broadcast. This size limitation was introduced in Oracle WebLogic Server 9.x.Error message:<BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the admin server. The Admin server may not be running. Message broadcasts to the admin server will be disabled.>This problem, described in Oracle Bug 8166717, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When a Oracle WebLogic Server Web Service has two operations in it and each operation takes one XMLBean, and these XSDs include an XML type via <xs:include> statement, it results in the following error when publishing the Web Service to the server:weblogic.wsee.ws.WsException: Failed to create binding providercom.bea.xml.XmlException: ...: error:sch-props-correct.2: Duplicate global type: Item@http://www.sample.org/model (Original global type found in file:URI_SHA_1_26F162A02C0B8E453B3528125B8B9A9E38A76D2C/SaleService.wsdl) at weblogic.wsee.ws.WsBuilder.createRuntimeBindingProvider(WsBuilder.java:355)
Severity: Warning
Rationale: Development
Description: In a cluster of Oracle WebLogic Servers, if there is a Web Application using in-memory session replication, the following Exception can occur when the servers are under load: - -java.lang.IllegalStateException: HttpSession is invalid at weblogic.servlet.internal.session.SessionData.getInternalAttribute(SessionData.java:633) at weblogic.servlet.internal.session.SessionData.updateVersionIfNeeded(SessionData.java:1237) at weblogic.servlet.internal.session.ReplicatedSessionContext.getSessionInternal(ReplicatedSessionContext.java:357) at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getValidSession(ServletRequestImpl.java:2412) at weblogic.servlet.internal.ServletRequestImpl$SessionHelper.getSession(ServletRequestImpl.java:1985) -
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If an Oracle WebLogic Server cluster is hosting a Web application using in-memory session replication, the following exception can occur when the servers are under load:java.lang.IllegalStateException: HttpSession is invalid at weblogic.servlet.internal.session.SessionData.getInternalAttribute(SessionData.java:633) at weblogic.servlet.internal.session.SessionData.updateVersionIfNeeded(SessionData.java:1237)...This problem, described in Oracle Bug 8109736, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The access.log file is being truncated at the URL query parameters, so the session ID after the semicolon is not being recorded. For example, the access should be written to the log file as follows:127.0.0.1 - - [03/Jan/2007:17:17:58 +0100] "GET/rewrite/hello2.jsp;jsessionid=FbX0Mqltwff3MLyKbSQLTv0qTp3phqQmg1LYTMZXJLhB!1289340431HTTP/1.1" 200 35Instead, the access is being written to the log file as follows:127.0.0.1 - - [03/Jan/2007:17:17:58 +0100] "GET /rewrite/hello2.jsp HTTP/1.1" 200 35
Severity: Minor Warning
Rationale: Administration
Description: The access.log file is being truncated at the URL query parameters, so the session ID after the semicolon is not being recorded. For example, the access should be written to the log file as follows:127.0.0.1 - - [03/Jan/2007:17:17:58 +0100] "GET/rewrite/hello2.jsp;jsessionid=FbX0Mqltwff3MLyKbSQLTv0qTp3phqQmg1LYTMZXJLhB!1289340431HTTP/1.1" 200 35Instead, the access is being written to the log file as follows:127.0.0.1 - - [03/Jan/2007:17:17:58 +0100] "GET /rewrite/hello2.jsp HTTP/1.1" 200 35This problem, described in Oracle Bug 8108185, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When using the ANT task <wlserver> to create a domain, the creation is accomplished correctly. However, when the Oracle WebLogic Server starts (using the same ANT script), the following exception can occur:[WLServer Admin-1] weblogic.management.ManagementException: [Management:141266]Parsing Failure in config.xml: javax.xml.namespace.QName; local class incompatible: stream classdesc serialVersionUID = 4418622981026545151, local class serialVersionUID = -9120448754896609940Cause:Starting with JDK 1.5.0_07 (and later), Sun changed the version UID of the class javax.xml.namespace.QName. A new Java system property was introduced to have a compatibility mode: -Dcom.sun.xml.namespace.QName.useCompatibleSerialVersionUID=1.0This property must be set to avoid this error.
Severity: Minor Warning
Rationale: Administration
Description: When a build file is exported and run as an ANT task, the error shown below occurs. The error does not occur if the build is performed through Workshop for Oracle WebLogic Server 9.2.Error message:"This operation uses a Java type that cannot be transmitted by the web service."
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When a build is performed through Workshop for Oracle WebLogic Server 9.2, the error shown below does not occur. However, when the build file is exported and run as an ANT task, the error occurs.Error message:"This operation uses a Java type that cannot be transmitted by the web service."This problem, described in Oracle Bug 8123975, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If a JDBC module exception is thrown, WebLogic Scripting Tool activate command will time out and never complete. In addition, the underlying JDBC module exception is not returned to the caller due to the activation timeout.
Severity: Minor Warning
Rationale: Administration
Description: If a JDBC module exception is thrown, WebLogic Scripting Tool activate command will time out and never complete. In addition, the underlying JDBC module exception is not returned to the caller due to the activation timeout.This problem, described in Oracle Bug 8071550, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: The Active Directory Authenticator in the Oracle WebLogic Server Administration Console does not display the groups that a user belongs to.
Severity: Minor Warning
Rationale: Administration
Description: The Oracle WebLogic Server 9.2 console Environment - Servers - "select server" - Monitoring tab - Threads tab, a value named "Active Execute Thread" count is displayed. This count is the number of threads that have a status of "Active"; however, this value is calculated as threads with status of "Active" or "Standby".
Severity: Minor Warning
Rationale: Administration
Description: The Oracle WebLogic Server 9.2 console Environment - Servers - "select server" - Monitoring tab - Threads tab, a value named "Active Execute Thread" count is displayed. This count is the number of threads that have a status of "Active"; however, this value is calculated as threads with status of "Active" or "Standby".This problem, described in Oracle Bug 8105211, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When creating an SNMP trap destination, the assistant page only has the destination name. You will have to change the "Host" and "Port" of the trap destination. Modifying those attributes will require a server restart.
Severity: Warning
Rationale: Administration
Description: The Administration Console Provider Import and Export pages prompt you to save, even if you haven't made any changes. To duplicate this scenario:1. Click the provider's migration tab.2. Click either the Import or Export tab, and do not make any changes on the screen.3. Click the other tab (either Import or Export). A pop-up box prompts you to save changes.
Severity: Minor Warning
Rationale: Administration
Description: Leaving Customize This Table without making any changes causes a dialog box to pop up.The following scenario describes how to duplicate this error:1. Lock, create JDBC DataSource with XA driver, activate changes.2. Lock, select JDBC DataSource, connection pool, Advanced options, uncheck.3. Remove Infected Connections Enabled (change any non-dynamic attribute), Save, Activate changes.This generates the following on the console:An error occurred during activation of changes, please see the log for details.[Deployer:149001]No application named 'JDBC DataSource-000' exists for operation redeploy
Severity: Minor Warning
Rationale: Administration
Description: When you enable the administration port from the Administration Console and then click Activate, the Administration Console is not reachable until the URL used to communicate with the Administration Console is changed to HTTPS and the administration port number.
Severity: Minor Warning
Rationale: Administration
Description: If your server is not running on Oracle JRockit and you try to use the Dump Thread Stacks feature in the Administration Console, the Console shows "This page displays the current stacks for each thread" but the Threads table is empty, and there is no thread dump on the server.
Severity: Minor Warning
Rationale: Administration
Description: During auto-refresh of server monitoring/performance, a ClassNotFoundException error occurs in the Administration Console. The Administration Console refresh works, but a large number of stack traces appear in the administration server log.javax.servlet.ServletException:[HTTP:101249][weblogic.servlet.internal.WebAppServletContext@11ff258 -appName: 'consoleapp', name: 'console', context-path: '/console']: Servletclass jsp_servlet._jsp._common._images.__spacer_gif for servlet/jsp/common/images/spacer.gif could not be loaded because the requested classwas not found in the classpath .java.lang.ClassNotFoundException:jsp_servlet._jsp._common._images.__spacer_gif. atweblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:516)...
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When you use the Administration Console to shut down an Administration Server or Managed Server, the following message is displayed:"The Administration Server is shutting down, and the console is no longer available. You will have to manually start the Administration Server using the node manager or a command line to continue administering this domain."However, the Node Manager is not available in Oracle WebLogic Server Virtual Edition.
Severity: Warning
Rationale: Administration
Description: In the Oracle WebLogic Server Admin Console, a javax.management.RuntimeOperationsException is raised if you click on a deployed library that is referenced by any deployed application.
Severity: Warning
Rationale: User Viewable Errors
Description: In the Oracle WebLogic Server Administration Console , a javax.management.RuntimeOperationsException is raised if you click on a deployed library that is referenced by any deployed application.This problem, described in Oracle Bug 8097920, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If the Listen Address for the Admin Server is set to "0.0.0.0", managed servers will be unable to connect to the Admin Server if they are started on remote machines via the Node Manager.
Severity: Minor Warning
Rationale: Administration
Description: When uploading and deploying modules (WAR, EAR, JAR, etc.), the Administration Console creates temporary files but neglects to delete them later when they are no longer necessary.The naming convention of these files is strtsXXXXX.tmp. They are written to the ${java.tmp.dir} directory as follows: Windows: C:\Documents and Settings\<user>\Local Settings\Temp\ UNIX: /var/tmp, /tmp, or /etc
Severity: Minor Warning
Rationale: Performance
Description: When uploading and deploying modules (WAR, EAR, JAR, etc.), the Administration Console creates temporary files but neglects to delete them later when they are no longer necessary.The naming convention of these files is strtsXXXXX.tmp. They are written to the ${java.tmp.dir} directory as follows: Windows: C:\Documents and Settings\<user>\Local Settings\Temp\ UNIX: /var/tmp, /tmp, or /etcThis problem, described in Oracle Bug 8066216, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Performance
Description: The admin console fails to open table form pages with 'javax.servlet.ServletException: Index: 0, Size: 0'. When this problem occurs, you can see the following errors in the admin server's log:####<Oct 5, 2007 11:49:57 AM JST> <Error> <Console> <akitada04> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1191552597171> <BEA-240003> <Console encountered the following error Exception during RequestDispatcher.include().This problem occurs after editing form tables. Once this problem occurs, opening the specific table form pages fail even after rebooting the admin server.
Severity: Minor Warning
Rationale: Administration
Description: Console throws an NPE on the Show messages page of a JMS queue.
Severity: Warning
Rationale: Administration
Description: Using WebLogic Scripting Tool or the Admin Console to upload and deploy the Oracle Service Bus configuration definition (sbconfig.xml) multiple times can cause "out of memory" errors.Cause:Oracle Service Bus deployment tasks are not properly cleaned up in Oracle WebLogic Server deployment framework, and thus remain in memory and not eligible for Garbage Collection.
Severity: Warning
Rationale: Performance
Description: When the Listen Address for the Administration Server is undefined (left blank), Oracle WebLogic Server listens only to the physical IP and is unable to be accessed by other aliased IP.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When the Listen Address for the Administration Server is undefined (left blank), Oracle WebLogic Server listens only to the physical IP and is unable to be accessed by other aliased IP.This problem, described in Oracle Bug 8107797, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: The Administration Console does not display accurate information for runtime mbeans for a running message driven bean.For example, if you deploy an application to a server, then select a message driven bean that is part of this application, and select the monitoring tab, it displays a message "This EJB is not currently active on any running server," even if the application is targeted correctly and active in the server.
Severity: Warning
Rationale: Administration
Description: If you modify the Oracle WebLogic Server Administration Console context path by changing the URL, the JNDI View for the Server JNDI tree fails to use the new context path, and does not display correctly.
Severity: Minor Warning
Rationale: Administration
Description: If you modify the Oracle WebLogic Server Administration Console context path by changing the URL, the JNDI View for the Server JNDI tree fails to use the new context path, and so does not display correctly.This problem, described in Oracle Bug 8122349, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Occasionally during deployment, the "Deployment Settings" window allows the selection of incorrect options, and these incorrect selections are allowed to pass through.For example, while deploying an application to one cluster member, the "All Servers" option is selected, which is incorrect. Now these incorrect selections will result in the following error message:weblogic.management.provider.EditFailedExceptionIf this problem occurs, the domain must be rebooted.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Occasionally during deployment, the "Deployment Settings" window allows the selection of incorrect options, and these incorrect selections are allowed to pass through. For example, while deploying an application to one cluster member, the "All Servers" option is selected, which is incorrect. These incorrect selections result in the following error message:javascript:void(null);Remedyweblogic.management.provider.EditFailedExceptionIf this problem occurs, the domain must be rebooted.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When using the Administration Console to define an application-level Work Manager, adding constraints to the Work Manager causes validation problems.
Severity: Warning
Rationale: Development
Description: The Administration console does not display a list of applications deployed on each server of a cluster. The Console should display this list in the Deployments tab for the Settings of the server.
Severity: Minor Warning
Rationale: Administration
Description: Changing the security realm from default to a custom realm for which the realm configuration is not complete throws an exception with the following key items:BEA-141191The prepare phase of the configuration update failed with an exception:weblogic.descriptor.DescriptorUpdateRejectedException: [Security:090818]under this exception there is also one exception with the following key items:BEA-240000java.lang.Runtime Exception: Unable to load the exception class [Securityat weblogic.management.jmx.CompositeTypeThrowable.reconstitute
Severity: Minor Warning
Rationale: Administration
Description: The current Oracle WebLogic Server cluster implementation uses multicast sockets for broadcasting messages to cluster members. These messages are called GroupMessages. Unicast-based cluster messaging provides cluster-wide broadcast of GroupMessages without the use of multicast sockets. However, the Oracle WebLogic Server 9.2 Administration Console does not provide support for unicast clustering MBeans.
Severity: Minor Warning
Rationale: Administration
Description: Your Administration Server is hosting applications other than Oracle system applications. Oracle recommends hosting these applications only on the managed servers within your domain. The only applications that should be deployed to your Administration Server are Oracle applications (for example, the Oracle WebLogic Server Administration Console and Oracle agents).
Severity: Warning
Rationale: Administration
Description: When the Administration Console is used to stop and restart a remote Managed Server, the Administration Console hangs until the remote Managed Server has been fully started.
Severity: Warning
Rationale: Administration
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>When reading the tree a java.lang.StackOverflowError appears in the logs.
Severity: Critical
Rationale: Server Outage
Description: After leaving the server idle, when you come back to the JNDI window and click any link, you are asked to login again, which is expected. However, after logging in, the window only displays the word "Null" instead of the tree.
Severity: Minor Warning
Rationale: Administration
Description: When installing Oracle WebLogic Server 9.2 GA without running Smart Update, and then upgrading to Oracle WebLogic Server 9.2 Maintenance Pack 1 using the upgrade installer, Oracle Smart Update (bsu.cmd) cannot start.For example, the following installers were used:- server920_win32.exe (EN GA kit)- server921_upgrade_win32.exe (EN GA kit)In the three example scenarios below, Oracle Smart Update can start successfully for (1) and (2) but cannot start for (3).(1) install 9.2 -> start Oracle Smart Update(2) install 9.2 -> start and close Oracle Smart Update -> upgrade to MP1 -> start Oracle Smart Update(3) install 9.2 -> upgrade to MP1 -> start Oracle Smart Update
Severity: Minor Warning
Rationale: Administration
Description: Create a Datasource called mydatasourceJDBC - > DataSource - > mydatasource - > Monitoring tabIn this page it shows all attributes (around 26 columns in the table) in tabular form with their corresponding data. Change it to show only 6 or 8 attributes (columns), also there is a "Customize this table" link, which will help users to select and see all attributes.
Severity: Minor Warning
Rationale: Administration
Description: The $fault variable is populated if you explicitly set an XQuery function in the "Request Actions" of the "Publish Action," and fails to be populated if a "Raise Error" action is used in the "Publish Action." This behavior is independent of the QoS ("Best Effort" or "Exactly Once"). In a "Best Effort" scenario, the exception will be consumed.Resolution:Apply Oracle Bug 8105659. After you apply the patch, the $fault variable will be populated in the original context for a "Publish Action" on a "Raise Error" action in a Qos "Exactly Once" scenario.
Severity: Warning
Rationale: Administration
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException occurs.This problem, described in Oracle Bug 8145565, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Server Outage
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException occurs.
Severity: Critical
Rationale: Server Outage
Description: Using the Apache plugin, the following exception appears in the log:"Server list is empty. Can't locate preferred servers "
Severity: Warning
Rationale: Subsystem Outage
Description: Using the Apache plugin, following exception appears in the log:"Server list is empty. Can't locate preferred servers "This problem, described in Oracle Bug 8115635, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When Oracle WebLogic Server was restarted, an Applet JMS consumer failed to receive any messages, even though it was reconnected.While Oracle WebLogic Server is down, or in the process of restarting, the following exception in Applet JMS consumer output occurs:javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://xxxxxx01:7001: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination] ...
Severity: Minor Warning
Rationale: Administration
Description: When Oracle WebLogic Server is restarted, an Applet JMS consumer failed to receive any messages, even though it was reconnected. While the server is down or in the process of restarting, the following exception in Applet JMS consumer output occurs:javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://host:port: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination] ...This exception disappears after the server is started. However, no further messages are consumed by this Applet client, even though messages are being sent to ther Topic.This problem, described in Oracle Bug 8121602, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: If you create a local disk for the Logical Volume Manager (LVM), the current working directory defaults to the /domain directory on the local disk. If the weblogic.RootDirectory refers to another directory, either on an NFS mount or on the local disk, application deployments can fail, particularly if the application contains webservices.
Severity: Warning
Rationale: Development
Description: For Oracle WebLogic Server 9.2 Maintenance Pack 2 or Maintenance Pack 3, an application state can hang with STATE_UPDATE_PENDING status, after the WebLogic.Deployer utility runs redeploy to update files in an application multiple times. This issue happens intermittently.
Severity: Minor Warning
Rationale: Administration
Description: Applications with Web modules mapped to different context roots can fail to deploy.The following is a sample application.xml configuration file:<?xml version="1.0" encoding="UTF-8"?><application xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/application_1_4.xsd" version="1.4"> <display-name>pa</display-name> <module> <web> <web-uri>/web</web-uri> <context-root>pw</context-root> </web> </module> <module> <web> <web-uri>/web</web-uri> <context-root>test</context-root> </web> </module> </application>This problem, described in Oracle Bug 8108005, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Currently, applications must be redeployed after timestamp settings have been configured using Console or WebLogic Scripting Tool. This issue has been fixed.
Severity: Minor Warning
Rationale: Administration
Description: When using Oracle WebLogic Server 9.2 SNMP Counter monitor, this exception is thrown:ExecuteRequest failed java.lang.AssertionError: Unable to determine parent types for UserLockoutManagerRuntime: while calculating parent for com.bea:ServerRuntime=AdminServer,Name=UserLockoutManager,Type=UserLockoutManagerRuntime,Location=AdminServer,RealmRuntime=myrealm,ServerSecurityRuntime=AdminServer.java.lang.AssertionError: Unable to determine parent types for UserLockoutManagerRuntime: while calculating parent for com.bea:ServerRuntime=AdminServer,Name=UserLockoutManager,Type=UserLockoutManagerRuntime,Location=AdminServer,RealmRuntime=myrealm,ServerSecurityRuntime=AdminServer at weblogic.management.WebLogicObjectName.setParentFromObjectName(WebLogicObjectName.java:900) ...
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server was creating multiple EJBTimerRuntimeMBeans with the same name. As a result of the duplicate names, subsequent EJBTimerRuntimeMBeans with the same name failed to register or unregister. The following AssertionError appears in the server logs with message BEA-080004:An error was thrown by the RMI server:weblogic.management.remote.iiop.IIOPServerImpl.newClient(Ljava.lang.Object;) java.lang.AssertionError: Registered more than one instance with the same objectName :com.bea:ServerRuntime=myserver,Name=MedRecSessionBean,ApplicationRuntime=medrecapp, Type=EJBTimerRuntime, EJBComponentRuntime=MedRecSessionBeanWorkaround or Solution:Oracle WebLogic Server now uses unique names for the EJBTimerRuntimeMBean.
Severity: Critical
Rationale: Administration
Description: The receiver service requires inbound/outbound messages to be signed and encrypted. When the sender sends the request, the receiver is able to invoke the Web method; however, when an asynchronous response returns to the sender, an InvocationTargetException is thrown.
Severity: Warning
Rationale: Administration
Description: The J2EE v1.4 specification shows javax.xml.soap.Text contains the method isComment(). When used in Oracle WebLogic Server 9.1 and Oracle WebLogic Server 9.2, the implementation class of weblogic.Web service.core.soap.SOAPTextElement (SOAPTextElement.java:43) throws the following exception:java.lang.UnsupportedOperationException: This class does not support SAAJ 1.1The actual class/method in question is javax.xml.soap.Text.isComment(), which appears to be implemented byweblogic.Web service.core.soap.SOAPTextElement.isComment().
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The J2EE v1.4 specification shows javax.xml.soap.Text contains the method isComment(). When utilized in Oracle WebLogic Server 9.1 and Oracle WebLogic Server 9.2, the implementation class of weblogic.Web service.core.soap.SOAPTextElement (SOAPTextElement.java:43) throws the following exception:java.lang.UnsupportedOperationException: This class does not support SAAJ 1.1The actual class/method in question is javax.xml.soap.Text.isComment(), which appears to be implemented byweblogic.Web service.core.soap.SOAPTextElement.isComment().This problem, described in Oracle Bug 8089633, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: In earlier versions of Oracle WebLogic Server, a managed server saved a copy of its configuration data only when Managed Server Independence was enabled by means of the MSIFileReplicationEnabled attribute.In Oracle WebLogic Server 9.X, managed servers automatically maintain a local copy of the domain configuration. In Oracle WebLogic Server 9.X, Managed Server Independence (MSI) mode is enabled by default.
Severity: Minor Warning
Rationale: Administration
Description: Any site that is running untrusted application code is susceptible to this vulnerability.Application code (for example, EJBs or servlets) can be coded in such a way so as to allow it to decrypt encrypted passwords on the server.This patch resolves the issue by protecting the code to disallow application access. Even after installing this patch, to optimize security Oracle recommends that application code should be inspected for suspicious code before being installed on the server.
Severity: Critical
Rationale: Administration
Description: Newly configured security providers appear to be active despite the fact that the server will not use them until after a server restart. After configuring a new security provider, it may appear that the provider is active before a server restart, as no indication is given that the server is still using the security providers from the last restart. This may lead an administrator to delete or add users, and delete or add security policies to the new provider. The patch for Security Advisory BEA06-116.00 ensures that the WebLogic Administration Console and WebLogic Scripting Tool properly display a warning that the server must be rebooted before a new security provider becomes active. WebLogic Scripting Tool will now display the correct providers in the runtime tree.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, connection filters may cause server slowdown, which could make the server vulnerable to a denial-of-service attack.
Severity: Critical
Rationale: Performance
Description: When using the WebLogic Server Console to set security policies on JNDI resources, the security policies do not properly protect the JNDI resources.
Severity: Critical
Rationale: Server Outage
Description: All sites that allow untrusted applications to be hosted in the server are vulnerable to this issue.An application hosted in the server can obtain the private keys.This patch resolves the issue by restricting access to the private keys.
Severity: Critical
Rationale: Server Outage
Description: All sites that allow untrusted applications to be hosted in the server are vulnerable to this issue.An application hosted in the server can obtain the private keys.This patch resolves the issue by restricting access to the private keys.
Severity: Critical
Rationale: Server Outage
Description: All sites where administrators have used the WebLogic Server Administration Console to set custom JDBC security policies are vulnerable to this issue. Sites where the console has not been used to set JDBC security policies are not affected.When setting JDBC security policies, the console was not setting them correctly. This could result in those JDBC resources not being properly secured.This patch resolves the issue by correcting how the console sets JDBC security policies.After the patch is applied, all JDBC policies will need to be reviewed to ensure correctness.
Severity: Critical
Rationale: Administration
Description: All sites that that use WebLogic Server HTTP handlers and that host protected Java Web Service (JWS) or web apps are affected by this issue.If access to a protected JWS or web app fails, the username and password used in the access attempt may be logged to the server log. This can result in the password (either valid or invalid) being visible in clear text in the WebLogic Server log.This patch resolves the issue by ensuring that the username and password are removed from the failure message written to the log.
Severity: Critical
Rationale: Server Outage
Description: All sites are vulnerable to this attack.It is possible for a remote user to bind anonymously to the embedded LDAP server and 1) look at user entries (but not attributes) if the schema can be guessed, or 2) launch a denial-of-service attack against the embedded LDAP server by creating many connections to the LDAP server.The patch for Security Advisory BEA06-81.02 resolves the issue by adding an attribute to restrict anonymous bind. After applying this patch and rebooting, anonymous bind will be restricted by default.
Severity: Critical
Rationale: Administration
Description: All sites with JDBCDataSourceFactory MBeans that use the Properties attribute to store a password are vulnerable to this issue.A password entered in the JDBCDataSourceFactory MBean Properties was not being removed and encrypted in the Password attribute. This behavior allowed an administrator to view the password in clear text.This patch resolves the issue by ensuring that a password entered in the JDBCDataSourceFactory MBean Properties attribute is properly protected.
Severity: Critical
Rationale: Administration
Description: This vulnerability can occur in WebLogic clients using Web Services Security (WSSE). In special circumstances an attacker may be able to mount a man-in-the-middle attack.This patch corrects validation to prevent this attack.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: The Web Services Security (WSSE) runtime may fail to enforce the use of a credential configured for decrypting messages sent by a client. In specific circumstances a malicious remote client may be able to exploit this vulnerability and bypass the application configured security. Patches are available to enforce proper validation by the WSSE runtime.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: This vulnerability may occur in a transactional Message Driven Bean (MDB) using EJB container persistence. Some of the persistence operations can be called with an administrative identity. This issue only occurs when using the WebLogic Server 6.1 compatibility realm.This advisory resolves the issue by enforcing the execution of these operations with the proper identity.
Severity: Critical
Rationale: Administration
Description: A vulnerability has been found in WebLogic Server in which a security policy created via the console on an EJB method with array parameters may not be enforced. An attacker could exploit this vulnerability to gain unauthorized access to these particularly defined EJB methods.This advisory resolves the issue by properly enforcing EJB security restrictions.
Severity: Critical
Rationale: Administration
Description: Under certain circumstances, the WebLogic Server proxy plug-in for Apache web server may not properly handle a protocol error. As a result, the proxy plug-in could cause the Apache server to fail or to mark back-end WebLogic servers as unavailable. Open sessions may fail and applications hosted by back-end WebLogic servers may be unreachable. All applications using the WebLogic Server proxy plug-in on an Apache web server are vulnerable to this.
Severity: Critical
Rationale: User Viewable Errors
Description: An error has been found in the handling of malformed HTTP requests in WebLogic Server. An attacker could exploit this condition to find data involved in previous requests on the server, potentially from other users.This advisory resolves the problem by enforcing proper handling for this type of request.
Severity: Critical
Rationale: Administration
Description: All sites that use admin servers to set security policy for managed servers are vulnerable.In very specific circumstances a policy change made on an admin server for a currently unavailable managed server will never reach the managed server. This is caused by a problem in the handling of the admin server's change log.This would lead to an administrator thinking that the managed server was running with the latest security policies when in fact the managed server might be running with an older set of security policies.This patch resolves the issue by ensuring that security policies will be correctly sent to the managed server.
Severity: Critical
Rationale: Administration
Description: A client can mount a denial of service attack by manipulating socket connections to a WebLogic Server running on Solaris 9. As a result of this attack, the server may not be able to process other valid requests. This advisory resolves the issue by closing the bad socket connections.
Severity: Critical
Rationale: Administration
Description: Any sites that use roles and entitlements to manage WebLogic Portal resources are susceptible to this vulnerability. If an administrative user deletes entitlements for a given role other roles entitlements are inadvertently affected.This patch resolves the issue by enforcing proper access restrictions.
Severity: Critical
Rationale: Administration
Description: Sites that operate in an Oracle WebLogic Server clustered environment and use WebLogic Portal entitlements to manage WebLogic Portal resources are susceptible to this vulnerability. If an administrative user changes a WebLogic Portal entitlement policy on a managed server while the Administrative Server is down, the policy change may not be successfully propagated to the other managed servers in the cluster.This patch resolves the issue by preventing entitlement policy changes when the Administration server is down.
Severity: Critical
Rationale: Administration
Description: On specific configurations, the Oracle WebLogic Server embedded LDAP does not limit or audit failed login attempts, and an attacker, inside the firewall, could mount a trial and error attempt to guess the administrator's password. The attacker can also produce a denial of service condition on the LDAP port with the repeated attempts to logon.This advisory resolves this condition by allowing the definition of quotas limiting the usage of the WebLogic Server embedded LDAP. The quotas limit the maximum number of connections, the maximum number of operations per connection, the maximum number of connections per subject, and the maximum number of connections per IP address. In addition, login attempts and information about exceeded quotas are logged.
Severity: Critical
Rationale: Administration
Description: The Administration Console supports the configuration of Web Service security to secure particular web services. Administrators can specify security properties required for a particular web service, including passwords used by credential providers and token handlers. During the creation of the configuration, the console may display these sensitive attributes in clear text. However, these sensitive attributes are correctly encrypted when the configuration is written to disk.A patch is available to correct this issue by updating the Administration Console pages so that Web Service Security credential provider and token handler sensitive properties are not displayed in clear text.
Severity: Critical
Rationale: Administration
Description: The WebLogic configToScript command converts an existing server configuration to an executable WebLogic Scripting Tool script and the resulting script can be used to create a new WebLogic domain. However, the generated script may not encrypt sensitive attributes (in particular, the node manager password) when a new domain is created with the script.A patch is available to allow proper encryption of these sensitive attributes.
Severity: Critical
Rationale: Server Outage
Description: Security advisory BEA07-164.01 contains the corrected remedy for this vulnerability on Oracle WebLogic Server and WebLogic Express 9.1 and 9.0. This advisory supersedes security advisory BEA07-164.00.
Severity: Critical
Rationale: Server Outage
Description: Rich text content in the WebLogic GroupSpace application is susceptible to cross-site scripting (XSS) attacks. Because rich text content in GroupSpace is actually HTML, it is possible for an authenticated user to add malicious JavaScript code that will execute in another users' environment (e.g., browser) when the HTML is rendered.This patch gives administrators a way to prevent this vulnerability by providing a configurable option to turn off the rich text editor and use a plain text editor instead.
Severity: Critical
Rationale: Administration
Description: An authenticated WebLogic Portal administrator or Delegated administrator may cause an inadvertent corruption of a visitor entitlements role when editing the role description if more than 255 characters are entered. This will cause any resources that were protected to no longer be protected. This vulnerability can occur by either editing a role description via the WebLogic Portal Administration Console or through a portal application using the WebLogic Portal APIs.A fix has been provided which prevents the entry of more than 255 characters.
Severity: Critical
Rationale: Administration
Description: WebLogic SSL may verify incorrectly RSA signatures if the RSA public key exponent is 3. An attacker can create certificates with a forged signature that makes the SSL certificate chain to be improperly verified as valid.This advisory corrects this problem by rejecting RSA certificates with a public key exponent of 3.For additional details about this vulnerability, see the link to Mitre in the For More Information section.
Severity: Critical
Rationale: Administration
Description: The WebLogic Workshop Test View may reveal parent directory information to the WebLogic Workshop Directory (wlwdir) when the application is deployed in an exploded format in a development environment. The WebLogic Workshop Test View console should always be disabled in a production environment.WebLogic Integration 9.2 is only susceptible if the application is deployed explicitly in an exploded form. By default, WebLogic Integration 9.2 does not use the exploded deployment model.This patch resolves this problem by preventing users from navigating beyond the corresponding web application directory.
Severity: Critical
Rationale: Administration
Description: The Sun Java Runtime Environment (JRE) contains vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.There were two vulnerabilities related to serialization in the Java Runtime Environment. These vulnerabilities would allow a malicious applet or application to elevate its privileges. Earlier BEA JRockit releases supporting applets may be affected by this issue. The latest version of Oracle JRockit JVM cannot be used to run applets, so it is not affected by this issue.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow while processing GIF images in the Java Runtime Environment may allow a malicious applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the applet. Earlier versions of BEA JRockit supporting applets may be affected by this issue. Newer versions of BEA JRockit cannot be used to run applets.Under special circumstances, a server running BEA JRockit may also be affected if it can receive (through a web upload) a maliciously crafted image and this image is decoded in the server.
Severity: Critical
Rationale: Administration
Description: Java Web Start enables standalone Java applications to be launched from a browser. A vulnerability was reported in Java Web Start that allows a non-trusted application to elevate its privileges. For example, the non-trusted application could read and write local files accessible to the user running the Java Web Start Application. For more information, please contact Oracle Support or visit support.oracle.com.Early releases of BEA JRockit (prior to R26.0) may be affected by this vulnerability and patches are available to correct this problem. The latest releases of BEA JRockit do not ship with Java Web Start and are not affected by this vulnerability.
Severity: Critical
Rationale: Administration
Description: The Sun Java Runtime Environment contains vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.Two buffer overflow conditions have been identified that may allow non-trusted applets to elevate their privileges. For example, an applet might be able to grant itself permission to read and write local files, or execute local applications that are accessible to the user running the non-trusted applet. Earlier versions of BEA JRockit supporting applets may be affected by these issues.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: In some circumstances, SSL clients that run outside the server environment may not find all possible ciphers with which to construct the list of potential SSL cipher suites resulting in use of the default null cipher (no encryption).This advisory corrects this issue by supplying jars and instructions to ensure all cipher suites are found.
Severity: Critical
Rationale: Server Outage
Description: An attacker could obtain and exploit information that is not encrypted when a null cipher suite is in use. Under certain circumstances, when a client does not offer support for any of the cipher suites available in the server, then the server may select a cipher suite that uses a null cipher; this may result in SSL communication that is not encrypted.This advisory corrects this issue by logging a message when null cipher is in use and also provides administrators the ability to disable the use of null ciphers during SSL communications with SSL clients.
Severity: Critical
Rationale: Server Outage
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: WebLogic HttpClusterServlet or HttpProxyServlet, configured with the "SecureProxy" parameter, may serve external requests to back-end WebLogic servers on behalf of a system identity instead of the proxy's own identity. These external requests may be wrongly granted access to certain administrative resources that are only accessible to an administrator.This advisory resolves the problem by enforcing the use of the proxy identity. The configuration of a proxy has also been enhanced to permit connections using two-way SSL.
Severity: Critical
Rationale: Administration
Description: An attacker can spoof certain information in a request header, which can potentially allow access to application servlets that rely on this information for authentication.This advisory corrects this issue by ensuring that the header information is properly handled before passing it to the servlet.
Severity: Critical
Rationale: Administration
Description: WebLogic security policies can be configured to restrict the access to a JMS destination. If an application user does not have the "receive" permission to a JMS destination (queue/topic), an attempt of receiving messages from that destination by the application should fail with security errors. By exploiting this vulnerability an unauthorized user may be able to receive messages from a standalone (physical) JMS Topic destination or a member of a secured Distributed Topic member destination.This advisory resolves this issue by checking permissions before allowing a subscriber to use a durable subscription.
Severity: Critical
Rationale: Administration
Description: The distributed queue feature in WebLogic JMS provides higher availability in a clustered environment. If a JMS client sends a message to a distributed queue and encounters a problem with one member of that distributed queue (the member is down, the member exceeds its quota, access denied, etc), internally the JMS subsystem will retry another member of the same distributed destination. In certain configurations, an unauthorized user is able to send messages to a secure distributed queue.This advisory corrects the problem and ensures that the correct user identity is maintained.
Severity: Critical
Rationale: Administration
Description: The WebLogic Server Administration Console uses fields contained in a URL to identify which information should be included when displaying information to a user.An attacker may be able to inject JavaScript into the console output.This advisory corrects the cross site scripting issue by sanitizing the output.
Severity: Critical
Rationale: Administration
Description: In order to exploit this vulnerability, an attacker must have access to the server's console login page and have a non-administrator user account on that server. A session fixation vulnerability exists which can result in elevation of the attacker's privileges. For more information about Session Fixation attacks, see:http://en.wikipedia.org/wiki/Session_fixationThis advisory corrects this issue by always regenerating an auth cookie on login.
Severity: Critical
Rationale: Administration
Description: In order to avoid brute-force credential attacks, Oracle WebLogic Server has a mechanism that locks the corresponding user account after a certain number of invalid login attempts. By default, the account is locked after 5 invalid login attempts and remains locked for 30 minutes.Even after a user has been locked out, logon requests to certain carefully constructed URLs can still give hints as to whether the password is correct or not. This allows a sophisticated attacker to successfully run a brute-force password attack, a dictionary attack, or other similar attacks. All sites that use servlets are vulnerable to this problem.The patch associated with this advisory corrects the problem.
Severity: Critical
Rationale: Administration
Description: An attacker can use a carefully constructed URL to cause BEA's proxy plugin to crash the Sun, IIS, or Apache web server process. On re-start, this may cause in-flight requests to be lost. This can cause a temporary denial of service. This attack can be exploited remotely, and the attacker does not require authentication.This advisory resolves the issue in the plugin by correctly handling URLs.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Caution About Existing Samples:Our samples are intended to provide a simple tutorial regarding a few specific features. They are not comprehensive guides to best practices. Many of them omit the use of the Utils.encodeXSS() method or other XSS preventative techniques in needed places and are hence vulnerable to XSS attacks.
Severity: Critical
Rationale: Administration
Description: When using Oracle WebLogic Tuxedo Connector, Oracle support recommends the following best practices:For load balancing outbound requests, configure the imported service with multiple entries using a different key. The imported service uses a composite key to determine each record's uniqueness. The composite key is compose of the following:<service name> + <local access point> + <primary route in the remote access point list>
Severity: Minor Warning
Rationale: Performance
Description: The LogBroadcaster fails to broadcast log messages when the log message is large. Messages bigger than 64k fail to be broadcast. This size limitation was introduced in Oracle WebLogic Server 9.x.Error message:<BEA-170011> <The LogBroadcaster on this server failed to broadcast log messages to the admin server. The Admin server may not be running. Message broadcasts to the admin server will be disabled.>
Severity: Warning
Rationale: Administration
Description: When userid and password for username token profile is blank, the server returns NullPointerException, as below:java.lang.NullPointerExceptionat weblogic.xml.crypto.utils.DOMUtils.getText(DOMUtils.java:237)at weblogic.xml.crypto.wss.UsernameTokenImpl.unmarshal(UsernameTokenImpl.java:322)
Severity: Minor Warning
Rationale: Administration
Description: The following Java class should produce TRUE for Integer values within the range(-128...+127). However, with Oracle JRockit releases R27.2.X and R27.3.X, this may return FALSE.public class Test { public static void main(String[] args) { Integer i1 = 4, i2 = 4; System.out.println(i1 == i2); }}
Severity: Minor Warning
Rationale: Development
Description: Oracle WebLogic Server cannot start the JMS bridge if the connection URL was not provided.This problem, described in Oracle Bug 8057089, has been fixed in Oracle WebLogic Server 9.1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: CORBA strings encoded in extended UTF-8 character set, wherein a high bit is set, are not correctly parsed by the output stream handler. This is because the IIOPOutputStream.write_string is not correctly handling UTF-8 encoded strings, instead it is parsing them as ASCII.
Severity: Minor Warning
Rationale: Administration
Description: CORBA strings encoded in extended UTF-8 character set, wherein a high bit is set, are not correctly parsed by the output stream handler. This is because the IIOPOutputStream.write_string is not correctly handling UTF-8 encoded strings, instead it is parsing them as ASCII.This problem, described in Oracle Bug 8105677, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the ForeignJMS component.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerability in the Console/WLST.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the WebLogic console or server log.
Severity: Critical
Rationale: Administration
Description: Information disclosure vulnerability in WebLogic Server plug-ins for Apache, Sun, and IIS Web servers.
Severity: Critical
Rationale: Administration
Description: Information disclosure in JSP pages.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerabilities in the UDDI Explorer.
Severity: Critical
Rationale: Administration
Description: Denial-of-Service vulnerability in WebLogic Server (Oracle WebLogic Server 9.x)
Severity: Critical
Rationale: Server Outage
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Recently an exploit has been made public which may impact the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication (that is, it may be exploited over a network without the need for a username and password).
Severity: Critical
Rationale: Server Outage
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: If you configure more than one authorizer (e.g. an XACMLAuthorizer and a DefaultAuthorizer), certain elevation of privileges may occur for some resources.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1 Maintenance Pack 3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1 Maintenance Pack 3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1 Maintenance Pack 3 to a higher version and use auth-method as CLIENT-CERT, some Web applications which were protected in Oracle WebLogic Server 8.1 Maintenance Pack 3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1SP3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1SP3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS Web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication; that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic 9.0, 9.1 and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in Oracle WebLogic Server may allow access to source code of Web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: There is no way to set the WeblogicPluginEnabled attribute of the ClusterMBean from the Administration console.This issue has been resolved by providing a check box for setting ClusterMBean's WeblogicPluginEnabled attribute in the advanced setting of the Cluster - > Configuration - > General tab page.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: There is no way to set the WeblogicPluginEnabled attribute of the ClusterMBean from the Administration console.This issue has been resolved by providing a check box for setting ClusterMBean's WeblogicPluginEnabled attribute in the advanced setting of the Cluster - > Configuration - > General tab page.This problem, described in Oracle Bug 8130511, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: To archive configuration files, you must configure the following two parameters:* archive-configuration-count* config-backup-enabledHowever, for Oracle WebLogic Server 9.x, you cannot configure these parameters from the Administration Console.
Severity: Minor Warning
Rationale: Administration
Description: You cannot create more than 100 WTC (Oracle WebLogic Tuxedo Connector) imported services via the Administration Console. If you attempt to do so, the following type of error appears:Errors must be corrected before proceeding. Bean already exists:"weblogic.management.configuration.WTCImportMBeanImpl@13f4e919([C720485]/WTCServers[wtc_zt5]/WTCImports[WTCImportedService-99])"
Severity: Minor Warning
Rationale: Administration
Description: You cannot create more than 100 Oracle WebLogic Tuxedo Connector imported services via the Administration Console. If you attempt to do so, the following type of error appears:Errors must be corrected before proceeding. Bean already exists:"weblogic.management.configuration.WTCImportMBeanImpl@13f4e919([C720485]/WTCServers[wtc_zt5]/WTCImports[WTCImportedService-99])"This problem, described in Oracle Bug 8122138, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: When deploying a Web Service Definition Language (WSDL) that references a schema from a URI that is not accessible, the Web Service fails to be deployed and is not available to service requests.
Severity: Warning
Rationale: Subsystem Outage
Description: In the console, Policy attachments for Web Services can be specified for "inbound", "outbound" and "both" directions. Any new policies or changes to the direction of the policies get updated to the deployment plan but policies detached from operations are not removed from the deployment plan.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Only 50 of the LDAP users are displayed on the Oracle WebLogic Server Admin console even if the actual number is greater than 50. Need capability to list more than 50 users or groups from an external LDAP or database in the console
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server versions prior to 10.3, there is no way to dynamically change the cookie name of an Oracle WebLogic Server Administration Console. The workaround is to modify the CookieName in the weblogic.xml file in the console.war.
Severity: Minor Warning
Rationale: Administration
Description: The Oracle WebLogic Server Administration Console does not provide the ability to monitor connection details for a Jolt Connection Pool. This feature was present in previous versions of Oracle WebLogic Server.On Oracle WebLogic Server 8.1, the column Jolt connection is a hyperlink. It is a static HTML on Oracle WebLogic Server 9.1, and there is no other possibility to have Jolt connection info in the console.
Severity: Minor Warning
Rationale: Administration
Description: If you have a Business Service with a dummy email address and you use a payload to overwrite the "To" and "From" portions of the transport header, the "From" portion may not be overwritten. For example, using the following payload:<test:sendMyMail xmlns:test="http://test"> <test:body>string</test:body> <test:from>someone@bea.com</test:from> <test:to>someoneelse@bea.com</test:to></test:sendMyMail>The email arrives at the address defined in the "To" portion, and the "From" address remains the address defined in the Business Service. In other words, the "From" address is not overwritten. Setting "Pass all Headers through Pipeline" does not influence the result.
Severity: Warning
Rationale: Subsystem Outage
Description: In the Admin Console the selection for setting ClusterMBean's WeblogicPluginEnabled attribute is missing in the Cluster - Configuration - General tab page.
Severity: Minor Warning
Rationale: Administration
Description: In the Admin Console the selection for setting ClusterMBean's WeblogicPluginEnabled attribute is missing in the Cluster - Configuration - General tab page.This problem, described in Oracle Bug 8130511, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Applications deployed using the Administration Console Japanese edition cannot be updated because the Active Changes button is missing.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When building Web services, if you have a JavaBean that has multidimensional array property for parameter and result, the JWSC task fails with the following message: [jwsc] [SEVERE] Multidimensional arrays NYI [jwsc] on Java element 'test.ws.multidimensionalarrays.Data.StrArr'
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When building Web services, if you have a JavaBean that has multidimensional array property for parameter and result, the JWSC task fails with the following message: [jwsc] [SEVERE] Multidimensional arrays NYI [jwsc] on Java element 'test.ws.multidimensionalarrays.Data.StrArr'This problem, described in Oracle Bug 8131580, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: While invoking a Web Services Application based on Apache AXIS version 1.3, the following exception is logged:[[ACTIVE] ExecuteThread: '0' for queue:'weblogic.kernel.Default (self-tuning)'] DEBUG [TXID:]org.apache.axis.utils.XMLUtils - Failed to set EntityResolver on DocumentBuilderjava.lang.NullPointerException at weblogic.xml.jaxp.ChainingEntityResolver.popEntityResolver(ChainingEntityResolver.java:61) at weblogic.xml.jaxp.RegistryDocumentBuilder.setEntityResolver(RegistryDocumentBuilder.java:169) ...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.4.2_12. This issue affects sites using the three letter abbreviations for the deprecated DST timezone denotations, when using any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string. For example, the zoneStrings[][] array defines "EST" before "America/New_York" and so sets the timezone for the parser to the EST zone, which is now unaware of DST.
Severity: Warning
Rationale: Not Complying with Specifications
Description: The recent change to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling in multiple vendor JVMs, including Oracle JRockit 1.5.0_08. This issue only affects sites using three-letter abbreviations of DST times zones denotations, which have been deprecated, and any affected JVM.The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.The bug will only have an impact if and only if the application is using the deprecated denotation of three-letter abbreviations for US timezones (for example, EST, MST, or HST).
Severity: Warning
Rationale: Not Complying with Specifications
Description: If you use the Administration Console to enable/disable the SSL option against a server, and the server is accessed through a proxy server, when the changes are activated the accessed URL is hard-coded and redirects to port 7001.IMPACT:If you access the Administration Console through a proxy server, the connection to the Admin Server will be lost, since the URL is redirected to port 7001, which does not access the Console from the client side.
Severity: Minor Warning
Rationale: Administration
Description: If you use the Administration Console to enable/disable the SSL option against a server and the server is accessed through a proxy server, the accessed URL is hard-coded and redirects to port 7001 when the changes are activated.IMPACT:If you access the Administration Console through a proxy server, the connection to the Admin Server will be lost, since the URL is redirected to port 7001, which does not access the Console from the client side.This problem, described in Oracle Bug 8166113, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Special characters are not displayed correctly on the browser. The problem occurs only on Linux (Windows is not affected).Workaround: Add "-Dfile.encoding=ISO8859_1" to the server start params.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Class-level Generics for EJBs are not supported. EJBs using class-level generics compile successfully in Oracle WebLogic Server 9.1. However, in Oracle WebLogic Server 9.2, the same appc compiler fails and an exception occurs with the following stack trace:location: interface com.rtn.template.ejb.Template_siqdx8_Intfpublic java.util.Collection<T> returnSomething() throwsjava.rmi.RemoteException;
Severity: Warning
Rationale: Not Complying with Specifications
Description: Class-level Generics for EJBS are not supported. EJBs using class-level generics compile successfully in Oracle WebLogic Server 9.1. However, in Oracle WebLogic Server 9.2, the same appc compiler fails and an exception occurs with the following stack trace:location: interface com.rtn.template.ejb.Template_siqdx8_Intfpublic java.util.Collection<T> returnSomething() throwsjava.rmi.RemoteException;This problem, described in Oracle Bug 8031049, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When creating a custom object and binding the object to the JNDI tree of a managed server of a two-node cluster, after the custom object is bound, the server log in the managed server shows a ClassCastException.
Severity: Minor Warning
Rationale: Administration
Description: When creating a custom object and binding the object to the JNDI tree of a managed server of a 2 node cluster, after the custom object is bound, the server log in the managed server shows a ClassCastException.This problem, described in Oracle Bug 8141074, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: A ClassCastException occurs when deploying an Oracle WebLogic Portal 9.2 application that has been upgraded from Oracle WebLogic Portal 8.1 SP4.When using the "prefer-web-inf-classes" feature, be careful not to mix instances created from the Web application class definition with instances created from the server definition. If you mix such instances, an exception results:<Warning> <Deployer> <BEA-149078> <Stack trace for message 149004weblogic.application.ModuleException: at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:295) ...
Severity: Warning
Rationale: Development
Description: If an application has dynamic proxies as a facade to remote objects, and these dynamic proxies are bound to JNDI for lookup, the application seems to fail with the following ClassCastException:java.lang.ClassCastException: $Proxy0 atweblogic.rmi.extensions.server.ServerHelper.replaceAndResolveRemoteObject(ServerHelper.java:388)...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If an application has dynamic proxies as a facade to remote objects, and these dynamic proxies are bound to JNDI for lookup, the application seems to fail with the following ClassCastException:java.lang.ClassCastException: $Proxy0 atweblogic.rmi.extensions.server.ServerHelper.replaceAndResolveRemoteObject(ServerHelper.java:388) atweblogic.jndi.internal.WLEventContextImpl.copyObject(WLEventContextImpl.java:388)...This problem, described in Oracle Bug 8083730, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Deployment fails and the following ClassCastException is thrown when attempting to deploy an application containing StAX classes:java.lang.ClassCastException: com.ctc.wstx.stax.WstxInputFactoryat javax.xml.stream.XMLInputFactory.newInstance(XMLInputFactory.java:136)at weblogic.servlet.internal.WebAppHelper.addListenerElements(WebAppHelper.java:244)at weblogic.servlet.internal.WebAppHelper$IOHelperImpl.parseXML(WebAppHelper.java:224)...This problem, described in Oracle Bug 8129805, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Memory leak occurs in the ClassLoader when using side-by-side deployment.
Severity: Minor Warning
Rationale: Administration
Description: Memory leak occurs in the ClassLoader when using side-by-side deployment.This problem, described in Oracle Bug 8152096, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Attempting to access JSP pages located in a directory caused ClassNotFoundException - if the directory name included included space(s).This problem has been resolved. JSP pages located in a directory whose name includes spaces can now be accessed.
Severity: Warning
Rationale: Development
Description: Attempting to access JSP pages located in a directory caused ClassNotFoundException - if the directory name included included space(s).This problem has been resolved. JSP pages located in a directory whose name includes spaces can now be accessed.This problem has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1
Severity: Minor Warning
Rationale: Development
Description: When monitoring the performance of either the managed or administrative server, errors get logged every ten seconds, which happens to be the time that it takes the performance screen to refresh.
Severity: Minor Warning
Rationale: Administration
Description: When monitoring the performance of either the managed or administrative server, errors are logged every 10 seconds, which happens to be the time that it takes the performance screen to refresh.This problem, described in Oracle Bug 8109123, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Under load, an HTTPRequest lands on a Server that holds neither the Primary nor the Secondary HTTPSession, which results in a ClassNotFoundException (see below). This also causes end user issues in the environment.The following exception occurs:java.rmi.UnmarshalException: failed to unmarshal classweblogic.cluster.replication.ReplicationManager$ROObject; nested exceptionis: java.lang.ClassNotFoundException: Failed to load classuk.co.igindex.core.common.user.AnonymousUser ...
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Under load, an HTTPRequest lands on a Server that holds neither the Primary nor the Secondary HTTPSession, which results in a ClassNotFoundException (see below). This also causes end user issues in the environment.The following exception occurs:java.rmi.UnmarshalException: failed to unmarshal classweblogic.cluster.replication.ReplicationManager$ROObject; nested exceptionis: java.lang.ClassNotFoundException: Failed to load classuk.co.igindex.core.common.user.AnonymousUserThis problem, described in Oracle Bug 8163071, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When you click on "Customize this table" then navigate to another area in the console without making any changes, you get the "Do you want to save changes" dialog. This appears to be happening in the following pages:JDBC - DataSourceFactoryJDBC - Data SourcesJDBC - Multi Data Sources
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server Web services ANT tasks clientgen/wsdlc do not generate a WRAPPED style Document/literal service. The generated interface is always BARE style. Per the original definition, wrapped array is not part of the wrapped element convention. Support is required for a wrapped array to be recognized as a wrapped element.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server webservices Ant tasks clientgen/wsdlc do not generate a WRAPPED style Document/literal service. The generated interface is always BARE style. Per the original definition, wrapped Array is not part of the wrapped Element convention. There needs to support for wrapped array to be recognized as a wrapped element using a flag.This problem, described in Oracle Bug 8135751, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When a server is cloned, all of its settings should be copied to the new server, including the custom keystore and SSL settings. In Oracle WebLogic Server 9.1, the custom keystore and SSL settings are not copied over during the cloning process. As a result, the keystore and SSL settings must be manually configured.
Severity: Minor Warning
Rationale: Administration
Description: Cluster hangs under load. Thread dumps show Muxer threads are blocked when attempting to get the secondary session.
Severity: Minor Warning
Rationale: Administration
Description: During high load tests, Muxer threads can become stuck in both managed servers. Thread dumps report stack similar to the following:'ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'' daemon prio=10 tid=00a1eb68 nid=26 lwp_id=332127 in Object.wait() [4fae8000..4fae76f8] at java.lang.Object.wait(Native Method) - waiting on <6df388f8> (a java.lang.Object) at java.lang.Object.wait(Object.java:474) at weblogic.rjvm.RJVMImpl.ensureConnectionEstablished(RJVMImpl.java:317) - locked <6df388f8> (a java.lang.Object) at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:340) ...This issue occurs due to an issue in the servlet code.
Severity: Critical
Rationale: Administration
Description: During high load tests, Muxer threads can become stuck in both managed servers. Thread dumps report stack similar to the following:'ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'' daemon prio=10 tid=00a1eb68 nid=26 lwp_id=332127 in Object.wait() [4fae8000..4fae76f8] at java.lang.Object.wait(Native Method) - waiting on <6df388f8> (a java.lang.Object) at java.lang.Object.wait(Object.java:474) at weblogic.rjvm.RJVMImpl.ensureConnectionEstablished(RJVMImpl.java:317) - locked <6df388f8> (a java.lang.Object) ...This issue occurs due to an issue in the servlet code.This problem, described in Oracle Bug 8107157, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: A cluster has the Oracle WebLogic Plugin enabled, but the FrontEndHost server setting has not been specified. Oracle WebLogic Server uses this setting to specify the host for HTTP responses. If no FrontEndHost server has been specified, Oracle WebLogic Server uses the hostname of the server that processed the request.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: When in-memory session replication is used during failover, there is a possibility of a session loss. This session loss happens because when the primary server goes down, the secondary server detects this event and attempts to promote the session to become primary. However, the thread does not have the correct context ClassLoader. As a result, the session is lost.
Severity: Warning
Rationale: Subsystem Outage
Description: When in-memory session replication is used during failover, there is a possibility of a session loss. This session loss happens because when the primary server goes down, the secondary server detects this event and attempts to promote the session to become primary. However, the thread does not have the correct context ClassLoader. As a result, the session is lost.This problem, described in Oracle Bug 8051482, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The Oracle WebLogic Server documentation states that, according to the Servlet 2.4 specifications, you can use a comma separated list of authentication methods in the <login-config> element of a web.xml file. However, when this is implemented, an exception occurs.The exception is as follows:"Invalid auth-method list - CLIENT-CERT,FORM as the auth-method in web.xml, which is not valid. Valid values are BASIC (default), FORM and CLIENT-CERT."This problem, described in Oracle Bug 8115612, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Compaction of objects is the process of moving objects closer to each other in the heap, thus reducing the fragmentation and making object allocation easier for the JVM. Oracle JRockit compacts a part of the heap at each garbage collection (or old collection, if the garbage collector is generational).It has been observed in Oracle JRockit releases R27.3.1 and R27.4.0 that the compaction is being aborted when it should not be aborted due to the counter not being set to 0 between Garbage Collections.In some cases, the counter will continue to increase until it grows too large, leading to an aborted compaction. Since it is not set to 0, all the following Garbage Collections will be aborted as well.
Severity: Warning
Rationale: Performance
Description: When creating a JSP 2.0 custom tag as a tag file (for example, WEB-INF/tags/test.tagx), if you exclude jsp:attribute, then the test tag is resolved normally. However, if you use jsp:attribute, the following exception occurs:weblogic.servlet.jsp.CompilationException: Failed to compile JSP /WEB-INF/jsp/root.jsproot.jsp:14:6: This tag can only appear as a subelement of a standard or custom action. Exceptions are: jsp:body, jsp:attribute, jsp:expression, jsp:scriptlet, and jsp:declaration. <jsp:attribute name='fragment'> ^ - - - - - -^ at weblogic.servlet.jsp.JavelinxJSPStub.compilePage(JavelinxJSPStub.java:296) at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:200)... >
Severity: Minor Warning
Rationale: Development
Description: Webapp compilation with weblogic.appc takes more time, with 100% CPU usage, as compared with Tomcat (Jasper).
Severity: Warning
Rationale: Performance
Description: In a SIP proxy scenario, client A sends a SIP REFER request to client B, which replies with a SIP 202 message, followed by two NOTIFY (100 trying and 200OK) SIP responses.Oracle WebLogic SIP Server, a proxy between client A and client B, sends a '481 Subscription does not exists' response back to client B, which is not compliant to RFC3515.Instead the NOTIFY or 202 response should be forwarded to client A by the proxy.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server Administration Console raises a ConcurrentModification exception when accessing a users list or a groups list, if there are too many matches of users or groups for the specified filter.This problem, described in Oracle Bug 8093424, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Server Administration Console raises a ConcurrentModification exception when accessing a users list or a groups list, if there are too many matches of users or groups for the specified filter.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The connector's ConnectionPool class had unsynchronized access to a shared data object. Thus, when multiple threads attempt to update/access the same data object, ConcurrentModificationException is thrown.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The connector's ConnectionPool class had unsynchronized access to a shared data object. Thus when multiple threads attempt to update/access the same data object, ConcurrentModificationException is thrown.This problem, described in Oracle Bug 8081433, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Consider the following scenario: * Oracle WebLogic Server 9.0 Server * Oracle WebLogic Server 8.1 SP3 Java client repeated performing the following: - InitialContext creation using security credentials - Lookup using the ContextUnder the scenario above, a call may fail - new InitialContext(hashtable) - fails with java.lang.NullPointerException - Context.lookup(objLookup) - fails with java.lang.ClassCastExceptionThe issue could only be caused if both the following were present: - Use of security credentials - Performing a JNDI lookupThis issue is more apparent when the client and server are on different machines.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Consider the following scenario: * Oracle WebLogic Server 9.0 Server * Oracle WebLogic Server 8.1 SP3 Java client repeated performing the following: - InitialContext creation using security credentials - Lookup using the ContextSome calls fail with: * new InitialContext(hashtable) - fails with java.lang.NullPointerException * Context.lookup(objLookup) - fails with java.lang.ClassCastExceptionThe issue could only be caused if both the following were present: * Use of security credentials * Performing a JNDI lookupThis issue is more apparent when the client and server are on different machines.This problem, described in Oracle Bug 8078111, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: A connection pool has been set up to perform all of the following tests:* TestOnCreate* TestOnReserve* TestOnReleaseAs a result of enabling all three of these settings, the connection will be tested when it is retrieved from the pool and then again when it is put back into the pool. This can lead to performance issues in JDBC access code.
Severity: Minor Warning
Rationale: Performance
Description: Could not manage the Jolt connection through the monitoring tab of the JoltConnectionPool in the Oracle WebLogic Server(tm) Administration console.This has been resolved by providing the ability to manage the Jolt connection through the hyperlinks in the Pool Name and Connection columns of the Jolt connection pools monitoring table.
Severity: Minor Warning
Rationale: Administration
Description: Could not manage the Jolt connection through the monitoring tab of the JoltConnectionPool in the Oracle WebLogic Server(tm) Administration console.This has been resolved by providing the ability to manage the Jolt connection through the hyperlinks in the Pool Name and Connection columns of the Jolt connection pools monitoring table.This problem, described in Oracle Bug 8114080, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: It appears that console is not showing the tasks created for capturing diagnostic image.
Severity: Minor Warning
Rationale: Administration
Description: Go into the console and start an edit session.Click on the Domain wide configuration settings link. Enable the flag "Production Mode" and "Activate" your changes.Now start another edit session, disable this flag, and activate your settings.The console now gives an error and does not allow this change to take place.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server 9.2 console is too slow.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server 9.2 console is too slow.This problem, described in Oracle Bug 8128522, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Localized version of config wizard console mode screen cannot display multi-byte characters correctly in 3 portions.1. TitlesIf titles contain multi-byte characters, the titles exceed the length of underline. This happens if a title has multi-byte characters.2. TablesIf fields in a table contain multi-byte characters, the lattice breaks. This happens if a field has multi-byte characters.3. StringsIf strings contains multi-byte characters, Line Feed (return) is inserted in incorrect position.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When Production Mode is enabled or disabled with the command line option "-Dweblogic.ProductionModeEnabled=[true
Severity: false]" but the setting does not agree with the config.xml "ProductionMode" setting, the Adminstration Console may show incorrect values for some configuration options. This can occur for any configuration options for which the default values for production mode differ from the default values for development mode.Note: Command line overrides are not persisted in config.xml. The Administration Console shows the configuration attribute values and defaults that correspond to the persisted version in the config.xml file.
Rationale: Warning
Description: Customers receive the following exception when clicking on applications in the Oracle WebLogic Server console in a clustered domain:####<Apr 19, 2007 8:06:02 AM EDT> <Error> <Console> <devapp1.rfiddev.isdtpa.labs.att.com> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <rfidweblogic> <> <> <1176984362305> <BEA-240003> <Console encountered the following error com.bea.console.exceptions.ManagementException: javax.enterprise.deploy.model.exceptions.DDBeanCreateException: [J2EE Deployment SPI:260142]The descriptor ...Installers, updates, patches and more information are available at support.oracle.com.
Severity: Minor Warning
Rationale: Administration
Description: When the server is started with the option "-Dweblogic.jsp.windows.caseSensitive=true", the console will not open and a "ClassNotFoundException" error is thrown. This error occurs because the LoginForm.jsp file cannot find the LoginForm class in the console.war file, because the compiled class of LoginForm is "loginform" in all lowercase characters.
Severity: Minor Warning
Rationale: Administration
Description: When the server is started with the option "-Dweblogic.jsp.windows.caseSensitive=true", the console will not open and a ClassNotFoundException is thrown. This error occurs because the LoginForm.jsp file cannot find the LoginForm class in the console.war file, because the compiled class of LoginForm is "loginform" in all lowercase characters.This problem, described in Oracle Bug 8056225, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: When a Message Driven Bean (MDB) is deployed on a multiserver domain and is listening on a distributed queue, and the MDB is configured to connect to all of the distributed queue members. However, if a remote distributed queue member server is restarted, the deployed MDB server does not reconnect with the remote distributed queue member server.
Severity: Warning
Rationale: Subsystem Outage
Description: If Oracle WebLogic SIP Server receives a message with an empty "Via" header, then a java.lang.NullPointerException can occur, as follows:[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1186999006009> <BEA-330608> <Socket error java.lang.NullPointerException at com.bea.wcp.sip.engine.connector.transport.UdpTransportModule$UdpWorker.setViaHeader(UdpTransportModule.java:696) at com.bea.wcp.sip.engine.connector.transport.UdpTransportModule$UdpWorker.run(UdpTransportModule.java:597) ...The container should not throw a java.lang.NullPointerException. Instead, it should warn with a meaningful message after necessary validation for the above 'Via' header in the response.
Severity: Warning
Rationale: Development
Description: The content of an exported JMS text message may be changed when using the Oracle WebLogic Server Administration Console to import the exported message.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The content of an exported JMS text message may be changed when using the Oracle WebLogic Server Administration Console to import the exported message.This problem, described in Oracle Bug 8162695, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The Oracle WebLogic Server SAAJ implementation does not create a value of "type="text/xml"" as a parameter of the Content-Type header for a SOAP Message.The expected value for Content-Type is as follows:Content-Type: Multipart/Related; boundary="example-1"; type="text/xml"; start=soapPartHowever, the "type="text/xml";" portion of the string is not printed to the header.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The Oracle WebLogic Server SAAJ implementation does not create a value of "type="text/xml"" as a parameter of the Content-Type header for a SOAP Message.The expected value for Content-Type is as follows:Content-Type: Multipart/Related; boundary="example-1"; type="text/xml"; start=soapPartHowever, the "type="text/xml";" portion of the string is not printed to the header.This problem, described in Oracle Bug 8085390, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: If you deploy a Web application as an archived Web Application Archive (WAR) file, context.getRealPath() returns a NULL when called, as specified by the servlet specification. This can lead to failures if the Web application is dependent on the path value.Resolution: Use the getrealpath() method in Oracle WebLogic Server 9.2, and use the flag <show-archived-real-path-enabled>true</show-archived-real-path-enabled>.This is fixed in Oracle WebLogic Server 10, but you must apply the patch in Oracle WebLogic Server 9.2, 9.2.1, 9.2.2, and 9.2.3 to use this flag.
Severity: Minor Warning
Rationale: Administration
Description: If you deploy a Web application as an archived Web Application Archive (WAR) file, context.getRealPath() returns a NULL when called per the servlet specification. This can lead to failures if the Web application is dependent on the path value.Resolution:Use the getrealpath() method in Oracle WebLogic Server 9.2, you must use the flag show-archived-real-path-enabled. This is fixed in Oracle WebLogic Server 10, but you must apply the patch in Oracle WebLogic Server 9.2, 9.2.1, 9.2.2, and 9.2.3 to use this flag.This problem, described in Oracle Bug 8107008, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: If you deploy a Web application as an archived Web Application Archive (WAR) file, context.getRealPath() returns NULL when called per the servlet specification. This can lead to failures if the Web application is dependent on the path value.Resolution:Use the getrealpath() method in Oracle WebLogic Server 9.2, you must use the flag show-archived-real-path-enabled. This is fixed in Oracle WebLogic Server 10, but you must apply the patch in Oracle WebLogic Server 9.2, 9.2.1, 9.2.2, and 9.2.3 to use this flag.This problem, described in Oracle Bug 9181232, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: Using automatic table creation to deploy EJBs for Sybase results in every column in every table being non-null. As a result, if the EJB create method only takes a few of the Container-Managed Persistence (CMP) fields, creating EJBs fails with the following error:column does not allow nullsThe only column created as NOT NULL should be the primary key column.
Severity: Warning
Rationale: Subsystem Outage
Description: Message-Driven Beans (MDB) that use a local foreign JMS server configuration, fail to use the credentials provided by the foreign JMS server configuration.
Severity: Warning
Rationale: Subsystem Outage
Description: Message-driven beans (MDBs) that use a local foreign JMS server configuration, fail to use the credentials provided by the foreign JMS server configuration.This problem, described in Oracle Bug 8117048, has been fixed in Oracle WebLogic Server 9.1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: During periodic test of a pool, or if a pool is test on release, the pool temporarily removes a connection from any list where it would be counted in the current capacity of the pool. If a pool is stressed with many threads making and releasing connections, the connection count might fail to include one or two of these connections, allowing the pool to create more than the maximum connections allowed.
Severity: Minor Warning
Rationale: Administration
Description: During periodic test of a pool or if a pool is test-on-release, the pool temporarily removes a connection from any list where it would be counted in the current capacity of the pool. If a pool is stressed with many threads making and releasing connections, the connection count might fail to include one or two of these connections, allowing the pool to create more than the maximum connections allowed.This problem, described in Oracle Bug 8113591, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: A custom global Work Manager defined with the name "default" will not override the system-wide default Work Manager. This results in runtime MBean registration errors.
Severity: Minor Warning
Rationale: Administration
Description: When defining a custom, global Work Manager with the name "default," will not override the system-wide default Work Manager; it causes runtime MBean registration errors.This problem, described in Oracle Bug 8088410, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The application has a DTD mapping using weblogic-application.xml. When the application is deployed as an archive, it fails with the following error:weblogic.xml.registry.XMLRegistryException: Can't read zip entry: dtd/eventRegister.dtd in zip: D:\646827\91app.ear at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:286) at...The application is a regression from Oracle WebLogic Server 8.1, which works fine in both archive and exploded format. In Oracle WebLogic Server 9.x, the same application works in exploded format, but fails as an archive.
Severity: Minor Warning
Rationale: Administration
Description: Shutting down a pool also kills the associated asynchronous connection testing process. When the pool is restarted, the asynchronous testing job does not restart, and the DataSource cannot detect database failures by test frequency until the Oracle WebLogic Server is rebooted.
Severity: Minor Warning
Rationale: Administration
Description: When you shutdown a DataSource from the Administration Console, the operation fails with javax.transaction.SystemException. This behavior occurs when using an XA driver.Workaround or Solution:Use untarget/target instead of shutdown/start operation.
Severity: Minor Warning
Rationale: Administration
Description: When you shutdown a DataSource from the Administration Console, the operation fails with javax.transaction.SystemException. This behavior occurs when using an XA driver.Workaround or Solution:Use untarget/target instead of shutdown/start operation.This problem, described in Oracle Bug 8164163, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: The date displayed for date of connections, date of creation, date of reservation, and reserved since date are displaying as "Dec 31, 1969" instead of as "Never."
Severity: Minor Warning
Rationale: User Viewable Errors
Description: A deadlock occurs in FEConnection and FEConnectionRuntimeDelegate class when sending a message to JMS Server using thin client.The following is the thread stack for the deadlock:"[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default(self-tuning)'": at weblogic.management.runtime.RuntimeMBeanDelegate.unregisterChildren(RuntimeMBeanDelegate.java:336) - waiting to lock <0x03ae0028> (a weblogic.jms.frontend.FEConnectionRuntimeDelegate) ..."[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'": at weblogic.jms.frontend.FEConnection.getSessionMap(FEConnection.java:1278) - waiting to lock <0x03ae0098> (a weblogic.jms.frontend.FEConnection)
Severity: Warning
Rationale: Administration
Description: Deadlock/stuck thread occurs at weblogic.jms.client.JMSConnection.stateChangeListener with the following error: A deadlock has been detected regarding the following object: - weblogic.jms.client.JMSXAConnectionThis error can also occur after a while in production or on heavy load. For example, some stuck threads with the following stack may appear:[STUCK] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "700" seconds working on the request "weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl@1827d10", which is more than the configured time (StuckThreadMaxTime) of "600" seconds. Stack trace: weblogic.jms.common.CDS.makeChangeEvent(CDS.java:602) weblogic.jms.common.CDS.access$000(CDS.java:25) ...
Severity: Warning
Rationale: Subsystem Outage
Description: A deadlock/stuck thread occurs at weblogic.jms.client.JMSConnection.stateChangeListener, with the following error: A deadlock has been detected regarding the object: - weblogic.jms.client.JMSXAConnectionThis can also occur when running under heavy load. Stuck threads may occur with the following stack:[STUCK] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "700" seconds working on the request "weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl@1827d10", which is more than the configured time (StuckThreadMaxTime) of "600" seconds. Stack trace: weblogic.jms.common.CDS.makeChangeEvent(CDS.java:602) ...This problem, described in Oracle Bug 8129087, is fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Deadlock/stuck thread at weblogic.jms.client.JMSConnection.stateChangeListener: A deadlock has been detected regarding the object: - weblogic.jms.client.JMSXAConnection[STUCK] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "700" seconds working on the request "weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl@1827d10", which is more than the configured time (StuckThreadMaxTime) of "600" seconds.This problem, Oracle Bug 8138174, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Minor Warning
Rationale: Server Outage
Description: In a cluster configuration, some clients (about 100) connect as subscriber/publisher for one JMS topic, with each client having its own topic. On another client, C2 is connected as subscriber/publisher to all JMS topics. The C2 client is multithreaded, and each thread opens a connection to one JMS topic. All clients use the T3 protocol, and wlclient.jar and wljmsclient.jar.When delivering disconnect notices, the RMI subsystem obtains a coarse lock on the disconnect listeners set, and then invokes a callback for the disconnect event. The lock is held throughout. The patch to Oracle Bug 8088961 changes the behavior so that the lock is held only for the time required to remove the listener set, and then the callback is invoked. As a result, the deadlock no longer occurs.
Severity: Warning
Rationale: Subsystem Outage
Description: In a cluster configuration, some clients (about 100) connect as subscriber/publisher for one JMS topic, and each client has its own topic. On another client, C2 is connected as subscriber/publisher to all JMS topics. The C2 client is multithreaded, and each thread opens a connection to one JMS topic.All of the clients use T3 protocol and wlclient.jar and wljmsclient.jar. Running a failover test by killing the Oracle WebLogic Server instance where the connections with the C2 client are established, causes a deadlock.The patch to Oracle Bug 8088961 changes the behavior so that the lock is held only for the time required to remove the listener set, and then the callback is invoked. As a result the deadlock no longer occurs.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Deleting a FileStore associated with a JMSServer relates throws the following exception on the console.Unexpected ExceptionAn unexpected exception has occurred processing your requestMessage: Beanweblogic.management.configuration.FileStoreMBeanImpl@6d099267([mydomain]/FileStores[FileStore@CS1])references [FileStore@CS1 by[mydomain]/JMSServers[JmsServer@CS1]/PersistentStore, FileStore@CS1 by[mydomain]/PathServices[myPathService]/PersistentStore]
Severity: Minor Warning
Rationale: Administration
Description: If you delete a web application from the autodeploy folder when the server is inactive, the config.xml file incorrectly retains an entry for the web application as follows and results in an out-of-sync domain: <app-deployment> <name>_appsdir_Good_webApp_dir</name> <target>AdminServer</target> <module-type>war</module-type> <source-path>autodeploy\Good_webApp</source-path> <security-dd-model>DDOnly</security-dd-model> <staging-mode>nostage</staging-mode> </app-deployment>deleted the cache folder for the admin server.'C:\bea92\user_projects\domains\wls\servers\AdminServer\tmp 'restarted the weblogic server. The webapp still remains deployed.
Severity: Minor Warning
Rationale: Administration
Description: Deleting a channel used by an RDBMS Event Generator can cause a deadlock in the server.
Severity: Critical
Rationale: Administration
Description: weblogic.Deployer does not use previous targets when deploying newer version of the application:1.When using weblogic.Deployer to redeploy a new version of the application,it fails.2.According to the output, because there is not specified a target, it attempts to use the admin instance as a default.Getting the following exceptions:weblogic.management.ManagementException: [Deployer:149119]You cannot specify different targets when deploying a new version 'Newer_v920.beta' of application 'SimpleEAR'. The target(s) specified, '[AdminServer]', is/are different from those of the previous version, '[MS1]'. at weblogic.deploy.internal.adminserver.operations.OperationHelper.validateVersionTargets(OperationHelper.java:535) ...
Severity: Warning
Rationale: Administration
Description: weblogic.Deployer does not use previous targets when deploying newer version of the application:* When using weblogic.Deployer to redeploy a new version of the application,it fails.* According to the output, because there is not specified a target, it attempts to use the admin instance (AdminServer) as a default.* This is contrary to both the documentation for weblogic.Deployer as well as previous version (Oracle WebLogic Server 8.1) in which the existing targets are used when no target is specified.This problem, described in Oracle Bug 8146267, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3
Severity: Minor Warning
Rationale: Administration
Description: If a custom ELF (Extensible and Linkable Format) field is defined for an HTTP log and the JAR is copied to the $DOMAIN/lib folder, the server startup fails with an exception.
Severity: Minor Warning
Rationale: Development
Description: If a custom ELF (Extensible and Linkable Format) field is defined for an HTTP Log, and the JAR is copied to the $DOMAIN/lib folder, the server startup fails with an exception.This problem, described in Oracle Bug 8101714, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: When a SOAP array is used as an OUT parameter in a Web service method, deploying a service fails with a ClassNotFoundException because the holder class cannot be found.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The Oracle WebLogic Server's EJB container is not able to handle Oracle WebLogic Server Container-Managed Persistence (CMP) deployment descriptors larger than one MB (for example, the weblogic-cmp-rdbms-jar.xml file is larger than one MB). Deploying an EJB JAR file with large deployment descriptors fails with the following exception:Exception preparing module: EJBModule(abac-entity) Unable to deploy EJB: CommitmentEnvelopeLinkCountryRW from abac-entity.jar: [EJB:011017]Error while reading 'META-INF/weblogic-cmp-rdbms-jar.xml'. The error was: weblogic.ejb20.cmp.rdbms.RDBMSException: java.io.IOException: Resetting to invalid mark at java.io.BufferedInputStream.reset(BufferedInputStream.java:408) at weblogic.ejb.container.cmp.rdbms.Deployer.parseXMLFile(Deployer.java:1006) ...
Severity: Warning
Rationale: Administration
Description: Oracle WebLogic Server's EJB container is not able to handle Container-Managed Persistence (CMP) deployment descriptors larger than one MB, such as the weblogic-cmp-rdbms-jar.xml file. Deploying an EJB JAR file with such large deployment descriptors fails with the following exception:Exception preparing module: EJBModule(abac-entity) Unable to deploy EJB: CommitmentEnvelopeLinkCountryRW from abac-entity.jar: [EJB:011017]Error while reading 'META-INF/weblogic-cmp-rdbms-jar.xml'. The error was: weblogic.ejb20.cmp.rdbms.RDBMSException: java.io.IOException: Resetting to invalid mark ...This problem, described in Oracle Bug 8104252, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: When deploying a very large application on Solaris 8 (or 9) using the Oracle WebLogic Server 9.2 console, you find that the deployment time is three times slower than on Oracle WebLogic Server 8.1.
Severity: Warning
Rationale: Development
Description: When deploying a very large application on Solaris 8 (or 9) using the Oracle WebLogic Server 9.2 console, you find that the deployment time is three times slower than on Oracle WebLogic Server 8.1.This problem, described in Oracle Bug 8114093, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: When deploying an application, but targeting the modules individually, the application does not get started properly.
Severity: Warning
Rationale: Administration
Description: When deploying an application, but targeting the modules individually, the application does not get started properly.This problem, described in Oracle Bug 8095694, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: When deploying an application, but targeting the modules individually, the application does not get started properly.This problem, described in Oracle Bug 8095694, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Deployment fails during compilation, with a ComplianceException occurring in wlappc, as follows:"weblogic.servlet.internal.dd.compliance.ComplianceException: Required file WEB-INF/web.xml not found at weblogic.servlet.jsp.JspcInvoker.compile(JspcInvoker.java:183) at weblogic.application.compiler.AppcUtils.compileWAR(AppcUtils.java:348) at weblogic.application.compiler.WARModule.compile(WARModule.java:78) at weblogic.application.compiler.flow.CompileModuleFlow.compileModules(CompileModuleFlow.java:104) ..."
Severity: Minor Warning
Rationale: Administration
Description: Deployment fails during compilation, with a ComplianceException occurring in wlappc, as follows:"weblogic.servlet.internal.dd.compliance.ComplianceException: Required file WEB-INF/web.xml not found at weblogic.servlet.jsp.JspcInvoker.compile(JspcInvoker.java:183) at weblogic.application.compiler.AppcUtils.compileWAR(AppcUtils.java:348) at weblogic.application.compiler.WARModule.compile(WARModule.java:78) at weblogic.application.compiler.flow.CompileModuleFlow.compileModules(CompileModuleFlow.java:104) ..."This problem, described in Oracle Bug 8086108, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server 9.1 should be backward compatible with the Oracle WebLogic Server 8.1 deployer. However, the Oracle WebLogic Server 8.1 weblogic.Deployer running on a 1.4.2 JVM cannot deploy to Oracle WebLogic Server 9.1 running on 1.5 JVM. When you configure this type of deployment and test it, the test results in an exception.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server 9.1 should be backward compatible with the Oracle WebLogic Server 8.1 deployer. However, the Oracle WebLogic Server 8.1 weblogic.Deployer running on a 1.4.2 JVM cannot deploy to Oracle WebLogic Server 9.1 running on 1.5 JVM. When you configure this type of deployment and test it, the test results in an exception.This problem, described in Oracle Bug 8086846, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server 9.1 should be backward compatible with the Oracle WebLogic Server 8.1 deployer. However, the Oracle WebLogic Server 8.1 weblogic.Deployer running on a 1.4.2 JVM cannot deploy to Oracle WebLogic Server 9.1 running on 1.5 JVM. When you configure and test this type of deployment, the test results in an exception.This problem, described in Oracle Bug 8086846, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: When deploying a large Web application that has a large number of servlet mappings, the deployment hangs while trying to add the servlet mappings.
Severity: Minor Warning
Rationale: Administration
Description: When deploying a large Web application that has a large number of servlet mappings, the deployment hangs while trying to add the servlet mappings.This problem, described in Oracle Bug 8148113, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: The Deployment order for the startup classes is not taken into account while loading them.
Severity: Minor Warning
Rationale: Administration
Description: The Deployment order for the startup classes is not taken into account while loading them.This problem, described in Oracle Bug 8111459, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When you deploy an application to one target server in a cluster, the application incorrectly gets deployed to all of the servers in the cluster. This error occurs because the JavaScript that selects the appropriate user selection is currently computing the incorrect HTML element that represents the cluster.
Severity: Minor Warning
Rationale: Administration
Description: When an application is deployed using the Administration Console from a symbolic link, the path is resolved to the actual path instead.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server fails to deploy libraries with an exception having the following key items when a managed server tries to start with Managed Server Independence (MSI) mode:BEA-149205Failed to initialize the application 'beehive-controls-1.0 [LibSpecVersion=1.0,LibImplVersion=1.0]' due to errorweblogic.management.DeploymentException: Exception occured while downloading files.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server fails to deploy libraries with an exception having the following key items when a Managed server tries to start with Managed Server Independence (MSI) mode:BEA-149205Failed to initialize the application 'beehive-controls-1.0 [LibSpecVersion=1.0,LibImplVersion=1.0]' due to errorweblogic.management.DeploymentException: Exception occured while downloading files.This problem, described in Oracle Bug 8106942, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Diagnostic Archive data keeps increasing, which will result in a disk full condition.
Severity: Minor Warning
Rationale: Administration
Description: When JDBC profiling is turned on, it periodically dumps profiling information in the diagnostic store. Enabling it for extended time can cause the diagnostic store to grow. Several customers have run into this issue in production.This looks like the JDBC profiling flags were enabled and this might be one of the causes.The setting the following parameters and disabling the JDBC profile flags have resolved the issue:-Dcom.bea.wlw.netui.disableInstrumentation=true-D_Offline_FileDataArchive=true
Severity: Warning
Rationale: Performance
Description: When trying to capture a diagnostic image on a Managed Server, Oracle WebLogic Server fails with an ImageSourceCreationException error as follows:<BEA-320127> <An error occurred while generating Image Source configuration as part of the diagnostic image zip file:weblogic.diagnostics.image.ImageSourceCreationException: java.lang.NullPointerException at weblogic.management.provider.internal.ConfigImageSource.createDiagnosticImage(ConfigImageSource.java:105)
Severity: Warning
Rationale: Administration
Description: When trying to capture a diagnostic image on a Managed Server, Oracle WebLogic Server fails with an ImageSourceCreationException error as follows:<BEA-320127> <An error occurred while generating Image Source configuration as part of the diagnostic image zip file:weblogic.diagnostics.image.ImageSourceCreationException: java.lang.NullPointerException at weblogic.management.provider.internal.ConfigImageSource.createDiagnosticImage(ConfigImageSource.java:105)This problem, described in Oracle Bug 8088096, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: The following Sun internal classes are used in our JAXB code:import com.sun.org.apache.xerces.internal.dom.DocumentImpl;import com.sun.org.apache.xerces.internal.dom.ElementNSImpl;import com.sun.org.apache.xerces.internal.dom.TextImpl;import com.sun.org.apache.xerces.internal.jaxp.datatype.XMLGregorianCalendarImpl;This causes those portions of Enterprise Server that use our JAXB classes (JMS capture, HTTP capture) to break on AIX, which uses IBM's implementation of Java.
Severity: Warning
Rationale: Subsystem Outage
Description: The Domain > Web service Security pages have issues:1. The assistant page has incorrect labels and no screen title.2. The assistant page does not autofill the Name field as it should.3. It is not possible to delete a Web service Security Configuration, and there are no error messages to notify you that the deletion does not work.
Severity: Minor Warning
Rationale: Administration
Description: When you create a new Web service security configuration, then create a new token handler, the token handler configuration page displays the name of a key (for example, webservice.webservicesecurity.tokenhandler.config.className.label.inlinehelp) instead of the Javadoc from the MBeans to the right of the fields. Note that the corresponding pagehelp file, pagehelp\webservice\webservicesecurity\tokenhandler\ConfigureTokenHandler.xml, correctly references the MBean. This indicates that there is a mismatch in what the JSP is looking for and the actual keys in the pagehelp file.
Severity: Minor Warning
Rationale: Administration
Description: When using Config Builder (config_builder.cmd) with the "Create Extension Template" option to generate a template JAR from configurations containing JMS resources, the following issues are observed after the JAR has been generated:(1) The JMS configuration file in the generated template JAR contains duplicatedJMS topic details.(2) Two config.xml files are generated, one in the root directory of the JAR, and one in the /config directory of the JAR. The file generated in the root directory is correct, but the file in the /config directory is missing several details, including the <target> info. Consequently, when the template JAR is used, the incorrect /config/config.xml file is then used.
Severity: Minor Warning
Rationale: Administration
Description: Under load, RFID Enterprise Server 2.0 experiences bad performance issues, specifically a drop in performance shortly after the 10-minute mark, and a long-term degradation in performance over time.
Severity: Warning
Rationale: Administration
Description: When a Oracle WebLogic Server Webservice has two operations in it and each operation takes one XMLBean, and these XSDs include an XML type via <xs:include> statement, it results in the following error when publishing the Web service to the server:weblogic.wsee.ws.WsException: Failed to create binding providersch-props-correct.2: Duplicate global type: Item@http://www.sample.org/model (Original global type found in file:URI_SHA_1_26F162A02C0B8E453B3528125B8B9A9E38A76D2C/SaleService.wsdl) at weblogic.wsee.ws.WsBuilder.createRuntimeBindingProvider(WsBuilder.java:355)This problem, described in Oracle Bug 8192827, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Development
Description: During automatic migration when the managed server starts if its administration server is not running it may take a long time for the managed server to start.To minimize the time of the managed server startup set theweblogic.security.embeddedLDAPConnectTimeout property on the managed server to specify an appropriate duration for the connection timeout. The value for this property represents seconds.This problem, described in Oracle Bug 8129103, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Warning
Rationale: Performance
Description: During automatic migration when the managed server starts if its administration server is not running it may take a long time for the managed server to start.To minimize the time of the managed server startup set the:weblogic.security.embeddedLDAPConnectTimeout property on the managed server to specify an appropriate duration for the connection timeout. The value for this property represents seconds.This problem, described in Oracle Bug 8129103, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Performance
Description: In Oracle WebLogic SIP Server 3.0:Under heavy load after a transport overload ends, a java.lang.NullPointerException occurs, as follows:<Nov 15, 2006 1:21:03 PM PST> <Notice> <WLSS.Transport> <BEA-330637> <Transport overload protection has ended.><Aug 23, 2007 3:53:57 PM CEST> <Error> <WLSS.Engine> <BEA-330101> <Exception while processing messages for call id: 29425-17908@111.222.33.44 java.lang.NullPointerException atcom.bea.wcp.sip.engine.server.MessageHandler$MessageQueue.processMessages(MessageHandler.java:212)...
Severity: Warning
Rationale: Development
Description: In Oracle WebLogic Server 8.1 Maintenance Pack 5, it was possible to disable the writing of system properties to the Oracle WebLogic Server log file by using the -Dweblogic.management.noLogSystemProperties=true parameter.However, after upgrading to Oracle WebLogic Server 9.x, this setting no longer has any effect.
Severity: Minor Warning
Rationale: Performance
Description: An incorrect dynamic Web Service Definition Language (WSDL) location address is generated when a Web service is deployed on a cluster with multiple front-end hosts and ports. A new property, weblogic.wsee.useRequestHost, has been introduced in Oracle WebLogic Server 9.2.1 that allows generation of the WSDL location address either from the host header or by following the topology design.
Severity: Minor Warning
Rationale: Administration
Description: An incorrect dynamic WSDL location address is generated when a Web Service is deployed in a cluster with multiple front-end hosts and ports.
Severity: Warning
Rationale: Administration
Description: An incorrect dynamic Web Service Definition Language (WSDL) location address is generated when a Web Service is deployed in a cluster with multiple front-end hosts and ports.This problem, described in Oracle Bug 8103127, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.2, a stuck situation can occur between a client and an EJB session. The problem happens if the client application and the EJB are deployed on different JVMs. For a standalone Java the issue can be resolved by using the wlclient.jar on the first order in the Application Classpath. However, for a client application that is running on a different JVM, the Stuck behavior still persists.You could see the following exception:java.rmi.UnmarshalException: Method not found: 'newMethod(Ljava.lang.String;)' at @ weblogic.rmi.internal.MethodDescriptor.getCanonical(MethodDescriptor......
Severity: Critical
Rationale: Server Outage
Description: The EJB QL parser does not allow the use of the UPPER and LOWER functions in the ORDER BY and GROUP BY clauses in an EJB QL query.
Severity: Warning
Rationale: Subsystem Outage
Description: An EJB error is reported in afterCompletion, with the server log error similar to the following, even though the primary key is in place:[EJB:010108]The EJB Lock Manager has received an unlock request from EJB:sims.ejb.GridSetupLEB with primary key:CCM. However, this primary key could not be found in the Lock Manager.This indicates either an EJB container bug, or the equals and hashCode methods for the primary key class:com.sims.ejb.user.UserPK are implemented incorrectly. Please check the equals and hashCode implementations.javax.ejb.EJBException: [EJB:010108]The EJB Lock Manager has received an unlock request from EJB:sims.ejb.GridSetupLEB with primary key:CCM. ...
Severity: Minor Warning
Rationale: Administration
Description: An EJB error is reported in afterCompletion, even though the primary key is properly in place. The server log contains errors similar to the following:Ignoring error in afterCompletion. Object=weblogic.ejb.container.internal.TxManager$TxListener@17022f6, Exception=javax.ejb.EJBException: [EJB:010108]The EJB Lock Manager has received an unlock request from EJB:sims.ejb.GridSetupLEB with primary key:CCM. However, this primary key could not be found in the Lock Manager.This indicates either an EJB container bug, or the equals and hashCode methods for the primary key class:com.sims.ejb.user.UserPK are implemented incorrectly ...This problem, described in Oracle Bug 8099609, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: After migrating Oracle WebLogic Servers to version 9.2 Maintenance Pack 2, some standalone clients that use the 9.2 Maintenance Pack 1 version of the weblogic.jar are unable to access EJBs located on the 9.2 Maintenance Pack 2 Server.This applies only to some remote EJB methods that have methods containing generic list arguments.The issue does not occur with wlclient.jar on the client side.
Severity: Warning
Rationale: Development
Description: EJB-based Web Service leaks EJB beans when the message handler throws an exception. If the SOAP message handler encounters any exception, it fails to release the associated service bean from the cache, which will lead to the leak.
Severity: Critical
Rationale: Subsystem Outage
Description: The EJBs in EJB-based Web services leak when the message handler throws an exception. If the SOAP message handler encounters an exception, it fails to release the associated service bean from the cache, which will lead to the leak.This problem, described in Oracle Bug 8102108, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The main reason of this error "java.io.IOException: Failed in epoll_wait: Function not implemented" is the absence of EPOLL in Red Hat Linux version 3.0.EPOLL does not exist in Red Hat Enterprise Linux version 3.0. This is a feature of the 2.6 kernel. Red Hat Enterprise Linux version 3 is based on the 2.4 Linux kernel. The EPOLL functionality was unable to be back ported to the 2.4 kernel due to issues with maintenance of the Application Binary Interface (ABI).EPOLL should be available in versions of Red Hat Enterprise Linux that use the 2.6 kernel or later, such as Red Hat Enterprise Linux 4. The Red Hat Enterprise Linux 4 ISO files are available to download to subscribers from Red Hat Network (RHN).
Severity: Warning
Rationale: Administration
Description: ejbHomeQuery causes NullPointerException in the EJB container.
Severity: Minor Warning
Rationale: Administration
Description: ejbHomeQuery causes NullPointerException in the EJB container.This problem, described in Oracle Bug 8115318, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When an email with an attachment is received by Oracle Service Bus, the email may not be handled properly. Instead, a NullPointerException similar to the following may be thrown:<Apr 12, 2007 5:02:44 PM EDT> <Error> <WliSbTransports> <machine> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1176411764962> <BEA-381014> <Error occurred for endpoint ProxyService$EmailProcessor$ProxyServices$InboundEmailProcessor java.lang.NullPointerExceptionThe Oracle Bug 8116727 patch fixes this issue.
Severity: Warning
Rationale: Administration
Description: Embedded LDAP server data files are not backed up at the configured time.Backup of LDAP files is performed as a scheduled activity. However, after the first scheduled backup, the timer that triggers the next backup fails to be set, so the next scheduled backup activity does not take place. This behavior occurs in Oracle WebLogic Server 9.0, 9.1, and 9.2.
Severity: Warning
Rationale: Administration
Description: Embedded LDAP server data files are not backed up at the configured time.Backup of LDAP files is performed as a scheduled activity. However, after the first scheduled backup, the timer that triggers the next backup fails to be set, so the next scheduled backup activity does not take place. This behavior occurs in Oracle WebLogic Server 9.0, 9.1, and 9.2.This problem, described in Oracle Bug 8066295, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: In the Domain Configuration Wizard of the Oracle WebLogic Server Adminstration Console, you can select "All Local Addresses" for the NodeManager listen address. However, with that configuration, the Configuration Wizard generates the following field, in which the listen address can be empty:<node-manager><name>new_Machine_1</name><listen-address/></node-manager>With an empty host name specified for the Node Manager, if you open the Admin Console and select [Environment] -> [Servers], an error stack is shown in the server log. According to the error message, an empty host name is not allowed for the Node Manager.
Severity: Minor Warning
Rationale: Administration
Description: Signature reference validation fails if encrypted data contains special characters (for example, '&').
Severity: Warning
Rationale: Subsystem Outage
Description: As of June 30, 2005, Microsoft has announced the end of mainstream support for the following platforms:* Windows 2000 Server* Advanced Server* Datacenter ServerOracle will continue supporting Oracle applications (for example Oracle JRockit on these platforms) at least through December 2006. A final notice of the end of support for Oracle JRockit on Windows 2000 will appear at least 12 months before the actual end of support.Note: Support for any Windows-specific issues must addressed by Microsoft via their extended support services.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Oracle stopped supporting Red Hat Linux 2.1 on April 30, 2006.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Enhancement to add deployment descriptor to turn off passivation/activation during replication of Stateful Session Bean (SFSB) in cluster.A new flag <passivate-during-replication> is added to weblogic-ejb-jar.xml. This flag is part of <stateful-session-descriptor> as below:<!ELEMENT stateful-session-clustering ( home-is-clusterable?, home-load-algorithm?, home-call-router-class-name?, use-serverside-stubs?, replication-type?, passivate-during-replication?)>Set the flag to 'false' to avoid passivation/activation during SFSB replication. The default value for the flag is 'true'.
Severity: Minor Warning
Rationale: Administration
Description: When using the portal visitor tools, portlets residing in entitled portlet categories are still visible to non-entitled users when initially viewing and arranging the portlets. This occurs prior to selecting the "add content" button within the visitor tools.
Severity: Critical
Rationale: Administration
Description: When using the portal visitor tools, portlets residing in entitled portlet categories are still visible to nonentitled users when initially viewing and arranging the portlets. This occurs prior to selecting the "add content" button within the visitor tools.This problem, described in Oracle Bug 8114802, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: EJBs with many-to-many unidirectional relationships in Oracle WebLogic Server 9.0 throws a warning to the server. The equivalent (barring annotation differences) application in Oracle WebLogic Server 8.1 produces no warning or a NullPointerException error.
Severity: Warning
Rationale: Administration
Description: An error, Error adding FD to epoll, occurs while starting the Oracle WebLogic Server on Oracle JRockit with any 2.6 Linux Kernel version. The error you will see is similar to:####<10:44:04 AM EDT> <Error> <Socket> <XXXXXXX> <AdminServer> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<Oracle WebLogic Server Kernel>> <> <> <1146494644744> <BEA-000405> <Uncaught Throwable in processSockets weblogic.utils.NestedError: Error adding FD to epoll.weblogic.utils.NestedError: Error adding FD to epoll...This problem, described in Oracle Bug 8082331, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: An error, Error adding FD to EPOLL, occurs while starting the Oracle WebLogic Server on Oracle JRockit with any 2.6 Linux Kernel version. The error you will see is similar to:####<10:44:04 AM EDT> <Error> <Socket> <XXXXXXX> <AdminServer> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1146494644744> <BEA-000405> <Uncaught Throwable in processSockets weblogic.utils.NestedError: Error adding FD to epoll.weblogic.utils.NestedError: Error adding FD to epoll...
Severity: Warning
Rationale: User Viewable Errors
Description: An error, Error adding FD to epoll, occurs while starting the Oracle WebLogic Server on Oracle JRockit with any 2.6 Linux Kernel version. The error is similar to:####<10:44:04 AM EDT> <Error> <Socket> <XXXXXXX> <AdminServer> <ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'> <<Oracle WebLogic Server Kernel>> <> <> <1146494644744> <BEA-000405> <Uncaught Throwable in processSockets weblogic.utils.NestedError: Error adding FD to epoll.weblogic.utils.NestedError: Error adding FD to epoll...This problem, described in Oracle Bug 8189643, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Oracle Service Bus Service proxy runs an XQuery transformation. During performance testing, after a period of time or of load or both, one proxy fails, with error code BEA-382513. The underlying exception is:java.lang.IllegalStateException at weblogic.xml.query.compiler.Variable.createRTVariables(Variable.java:151) at weblogic.xml.query.compiler.Expression.createRunTimeVariables(Expression.java:570) at weblogic.xml.query.compiler.Expression.codeGen(Expression.java:392)
Severity: Warning
Rationale: Subsystem Outage
Description: When the domain files are stored in a shared network location, and the domain root directory is specified using the UNC format(i.e., -Dweblogic.RootDirectory=\\machinename\foldername\domain), the server starts as expected. However, when attempting to navigate in the Administration Console, the following exception occurs:java.util.zip.ZipException: The system cannot find the path specified at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(ZipFile.java:204) at java.util.zip.ZipFile.<init>(ZipFile.java:235) ....................
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When the domain files are stored in a shared network location, and the domain root directory is specified using the UNC format(i.e., -Dweblogic.RootDirectory=\\machinename\foldername\domain), the server starts as expected. However, when attempting to navigate in the Administration Console, the following exception occurs:java.util.zip.ZipException: The system cannot find the path specified at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.<init>(ZipFile.java:204) at java.util.zip.ZipFile.<init>(ZipFile.java:235) ....................This problem, described in Oracle Bug 8109928, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: While using Oracle WebLogic Server Web service stack and attempting to take advantage of the SAML assertion as signed by SOATest, an error occurs when Oracle WebLogic Server validates the signature. The problem occurs regardless if the client and Oracle WebLogic Server are running on Windows XP or Solaris 9. The SAML standard used is V1.1.There is a CR/LF inserted by the client between the SignatureValue end tag and the Signature tag:</ds:SignatureValue></ds:Signature>If the CR/LF is removed, there is no problem. SOATest version 5.1 is able to sign SAML assertions and this is the version used for the testing. Prior SOATest versions could not sign SAML.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: While using Oracle WebLogic Server Web Service stack, and attempting to take advantage of the SAML assertion as signed by SOATest, an error occurs when Oracle WebLogic Server validates the signature. The problem occurs regardless if the client and Oracle WebLogic Server are running on Windows XP or Solaris 9. The SAML standard used is V1.1.There is a CR/LF inserted by the client between the SignatureValue end tag and the Signature tag:</ds:SignatureValue></ds:Signature>If the CR/LF is removed, there is no problem.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Schema enumeration types are not handled properly in the XBeans used by Oracle WebLogic Integration when generating JAX-RPC style objects from a Web Service Definition Language (WSDL) file. Per the JAX-RPC specifications, the generated JAVA types should not have a default constructor that is public. Since XBeans validate that Java Type objects have a default public constructor before binding them with the XML Schema objects, these special type JAX-RPC Java Objects fail to validate, causing the build error in Oracle WebLogic Integration.Example of a build error:'Type com.frk.middleware.xmlschemas.contactmodifyprofile.v100.ActionType has no default constructor and cannot be unmarshalled from XML.'
Severity: Critical
Rationale: Not Complying with Specifications
Description: Schema enumeration types are not handled properly in XBeans implementation (used by Oracle WebLogic Integration) when generating JAX-RPC style objects from a Web Service Definition Language (WSDL) file. Oracle Bug 8144075 has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: eDocs for Oracle WebLogic Server 9.1 (http://download.oracle.com/docs/cd/E13222_01/wls/docs91/lockdown/secure.html) suggest running Oracle WebLogic Server with the JRE instead of the Java SDK.Following the advice, if we remove the JDK and start Oracle WebLogic Server 9.1 or 9.2 using theJRE, and when a simple precompiled JSP is deployed and accessed the following error is logged:java.lang.NoClassDefFoundError: com/sun/mirror/declaration/DeclarationThis missing class is actually contained in the "tools.jar" from JDK 1.5, and is not available in the JRE.If tools.jar is included, then there will be no difference in using the Oracle WebLogic Server with Java SDK or not.
Severity: Minor Warning
Rationale: Administration
Description: The eDocs for Oracle WebLogic Server 9.1 (http://download.oracle.com/docs/cd/E13222_01/wls/docs91/lockdown/secure.html) suggest running Oracle WebLogic Server with the JRE instead of the Java SDK.When a simple precompiled JSP is deployed and accessed the following error is logged :java.lang.NoClassDefFoundError: com/sun/mirror/declaration/DeclarationThis problem, described in Oracle Bug 8094051, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Errors occur when using cached remote home of new redeployed Stateless EJBs.The following is an example scenario in which this can occur:1. Two Oracle WebLogic Server 9.2 Maintenance Pack 1 domains are created.2. Business services implemented as Stateless EJBs are deployed on domain1.3. Other business services using those of domain1 are implemented on domain2.Business services on domain2 place the Remote Home EJB object from domain1 into the cache, so that domain2 does not look up home objects needlessly. Unfortunately, when redeploying business services on domain1, services on domain2 no longer work for the first call, but do work for the second call.
Severity: Warning
Rationale: Performance
Description: If you specify the listen address explicitly, creating or viewing the Event Generator tab in the Oracle WebLogic Integration Console causes a ManagementException and a ConnectException to be thrown. This occurs because the server listens only at the specified address, while the console uses "localhost" to access the server.
Severity: Critical
Rationale: Development
Description: If you specify the listen address explicitly, creating or viewing the Event Generator tab in the Oracle WebLogic Integration Console causes a ManagementException and a ConnectException to be thrown. This occurs because the server listens only at the specified address, while the console uses "localhost" to access the server.This problem, described in Oracle Bug 8120430, has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Development
Description: The java.lang.NullPointerException occurs if an application tries to log a message using weblogic.logging.ConsolFormatter that was instantiated using the default constructor.
Severity: Minor Warning
Rationale: Administration
Description: The java.lang.NullPointerException occurs if an application tries to log a message using weblogic.logging.ConsolFormatter that was instantiated using the default constructor.This problem, described in Oracle Bug 8140586, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Enabling server-debug for only some members of a cluster results in the following Multicast socket receive error from the HeartbeatMessages: java.io.EOFException
Severity: Minor Warning
Rationale: Administration
Description: Per the EJB specification, any business exception thrown from business methods needs to be handled at the client end (that is, the business exception propagates to the client end without any intervention from the server).However, when implementing a Web service using an EJB, with a business exception thrown from the exposed methods, the business exception thrown is propagated to client; but, an exception stack trace is also getting generated in the server log.This results in unneccessary growth of server logs.NOTE: The following flag suppresses the error message from the logs:-Dweblogic.wsee.component.exception=false
Severity: Minor Warning
Rationale: Administration
Description: The Deployment Control page in the Oracle WebLogic Server Administration Console supports navigating into the modules, Web Services, and EJBs within a deployment. When a deployment is expanded, the ability to navigate to previous or next pages in the deployment control table is disabled and the page number information is incorrect.
Severity: Warning
Rationale: Administration
Description: Microsoft explicitly spells out the default value of the assertion whenadvertising the policy (export).Arguments: One of the following policy intersect problems may occur if the value is not specified: false positive, unable to distinguish cases of 'no policy defined' and 'default value'.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Expression language variables exposed by the TAGX caused JSPX compilation to fail.
Severity: Warning
Rationale: Development
Description: Expression language variables exposed by the TAGX caused JSPX compilation to fail.This problem has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: During deployment using DynamicUpdateOperation, Application MBeans are nulled out.Replication Steps:1. After four or five partial builds, Workshop fails to publish. Usually, but not always, the error is related to the fact that the root web application could not be deployed.2. While building the publishing fails.3. Then, as an attempted workaround, the following steps were taken: a. Shutdown server. b. Close Workshop. c. Delete the domain "tmp" folder on the admin server. d. Delete both the apt_src and build folder for the projects. e. Restart Workshop. f. Perform a complete clean up. g. Perform a complete build. h. Restart the server.However, this procedure works sometimes. When it fails, you must repeat steps 3.f and 3.g multiple times.
Severity: Critical
Rationale: Development
Description: During deployment using DynamicUpdateOperation, Application MBeans are nulled out.Replication Steps:1. After four or five partial builds, Workshop fails to publish. Usually, but not always, the error is related to the fact that the root web application could not be deployed.2. While building the publishing fails.3. Then, as an attempted workaround, the following steps were taken: a. Shutdown server. b. Close workshop. c. Delete the domain "tmp" folder on the admin server. d. Delete both the apt_src and build folder for the projects. e. Restart Workshop. f. Perform a complete clean up. g. Perform a complete build. h. Restart the server.However, this procedure works sometimes. When it fails, you must repeat steps 3.f and 3.g multiple times.
Severity: Minor Warning
Rationale: Development
Description: Oracle WebLogic Server Managed Server fails to load the earlier deployed libraries with the following exception when it is being started in MSI (Managed Server Independence) mode:####<Oct 30, 2006 5:49:17 PM JST> <Error> <Deployer> <XXXXXX> <XXXXXXX> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<Oracle WebLogic Server Kernel>> <> <> <1162198157203> <BEA-149205> <Failed to initialize the application 'XXXXXX' due to error weblogic.management.DeploymentException: Exception occured while downloading files.weblogic.management.DeploymentException: Exception occured while downloading files at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:43) .....
Severity: Minor Warning
Rationale: Administration
Description: In Oracle JRockit R27.1, the class bytes preprocessing facility was changed to allow for recursive preprocessing. This meant that a class preprocessor instance that was currently doing class preprocessing and through this caused a new class to be loaded would be recursively called with the new class bytes. This caused failures in some existing preprocessor implementations that relied on the old behavior of JRockit R27.1. In Oracle JRockit R27.5, this has been reverted. A thread doing class preprocessing will now silently refuse to preprocess any types created by executing the preprocessor itself.For example, in Oracle SOA Manager (ALSM), the error "Nanoagents not loading" occurs when used with Oracle JRockit R27.3.1.
Severity: Warning
Rationale: Subsystem Outage
Description: Repeated occurrence of missed RJVM heartbeat errors in Admin Server logs as shown below, when managed server(s) have an outbound channel enabled and configured with t3/t3s protocol.Missed heartbeat RJVM error in AdminServer log(managed server running healthy):.....Failure in heartbeat trigger for RJVM: -1397576259334623576S:111.222.333.444:[7030,7030,-1,-1,-1,-1,-1]:tf7domain:TF701_1java.io.IOException: The connection manager to ConnectionManager for: 'weblogic.rjvm.RJVMImpl@149d226 - id: '-1397576259334623576S:111.222.333.444:[7030,7030,-1,-1,-1,-1,-1]:tf7domain:TF701_1' connect time: 'Tue May 22 16:53:57 CEST 2007'' has already been shut down. at weblogic.rjvm.ConnectionManager.getOutputStream(ConnectionManager.java:1663) ...
Severity: Warning
Rationale: User Viewable Errors
Description: Repeated occurrence of missed RJVM heartbeat errors in Admin Server logs, when managed server(s) have an outbound channel enabled and configured with t3/t3s protocol.This problem, described in Oracle Bug 8065523, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Repeated occurrence of missed RJVM heartbeat errors in Admin Server logs, when managed server(s) have an outbound channel enabled and configured with t3/t3s protocol.This problem, described in 8065523, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Error when starting server (sample server log excerpt is shown below), thus preventing initialisation of the JMS server:weblogic.application.ModuleException: [Management:141213]An attempt to initialize property FlowMinimum failed because of java.lang.IllegalArgumentException: FlowMinimum has to be less than FlowMaximum at weblogic.jms.frontend.FEConnectionFactory.initialize(FEConnectionFactory.java:370) at weblogic.jms.frontend.FEConnectionFactory.prepare(FEConnectionFactory.java:1530) ...
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Error when starting server prevents initialisation of the JMS server:Failed to deploy a JMS connection factory "dfpSystemModule\!dfpConnectionFactory" due to weblogic.application.ModuleException: [Management:141213]An attempt to initialize property FlowMinimum failed because of java.lang.IllegalArgumentException: FlowMinimum has to be less than FlowMaximum.weblogic.application.ModuleException: [Management:141213]An attempt to initialize property FlowMinimum failed because of java.lang.IllegalArgumentException: FlowMinimum has to be less than FlowMaximum at weblogic.jms.frontend.FEConnectionFactory.initialize(FEConnectionFactory.java:370)...This problem, described in Oracle Bug 8119451, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Oracle WebLogic Server Managed Server fails to load the earlier deployed libraries with the following exception when it is being started in Managed Server Independence (MSI) mode:[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1162198157203> <BEA-149205> <Failed to initialize the application 'XXXXXX' due to error weblogic.management.DeploymentException: Exception occured while downloading files.weblogic.management.DeploymentException: Exception occured while downloading files at weblogic.deploy.internal.targetserver.datamanagement.AppDataUpdate.doDownload(AppDataUpdate.java:43) .....This problem, described in Oracle Bug 8106942, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The page Module -> Distributed Destination -> General should contain a field to configure the UnitOfOrder Routing policy. The relevant Bean and attributes are DistributedDestinationBean.setUnitOfOrderRouting().
Severity: Minor Warning
Rationale: Administration
Description: When a File Event Generator has been configured to poll a directory at a regular interval, it is possible that it may attempt to process that file while it is being updated.This can happen if the polling interval is set to less time than it takes to complete a file upload to the polling directory. As a result, the file will be archived to the polling directory with incomplete data and processes will be invoked using this incomplete data.
Severity: Warning
Rationale: Subsystem Outage
Description: When a File Event Generator has been configured to poll a directory at a regular interval, it is possible that it may attempt to process that file while it is being updated.This can happen if the polling interval is set to less time than it takes to complete a file upload to the polling directory. As a result, the file will be archived to the polling directory with incomplete data and processes will be invoked using this incomplete data.This problem, described in Oracle Bug 8189304, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When uploading an application with a non-ASCII name in the Oracle WebLogic Server Administration Console, the file name appears garbled.
Severity: Minor Warning
Rationale: Administration
Description: The file name set as a header in the FTP transport is not honored by Oracle Service Bus 2.5/2.6. Instead, the file name uses the format: Prefix + "-" + GUID + "-" + filename + SuffixHere, the prefix and suffix are required, while the filename is optional.The patch to Oracle Bug 8123250 changes this behavior so that the FTP transport now works in the following way:- Prefix and Suffix are now optional- GUID (message id) is used in filename only if filename header is not set in the pipeline at runtime.- The filename generated is either:<prefix>+<filename from header>+<suffix>or<prefix>+<GUID>+<suffix>- A file that exists in the FTP server with the same generated filename is overwritten.On applying the patch, users are advised to clear the server cache.
Severity: Warning
Rationale: Administration
Description: When using Oracle WebLogic Tuxedo Connector with Oracle WebLogic Server 9.2, the FmlXmlCnv.XMLtoFML32 method fails to convert the XML to FML32 if an element of the VIEW32 buffer includes an ampersand ("&").
Severity: Warning
Rationale: Development
Description: When a Foreign JNDI connection between two Oracle WebLogic Server domains in a cluster is attempted, the server in the calling domain fails to start with following exception. This is due to the Foreign JNDI Manager service being started prior to cluster services starting.Server subsystem failed. Reason: java.lang.NullPointerExceptionjava.lang.NullPointerExceptionat weblogic.cluster.ServiceAdvertiser.announceOffer(ServiceAdvertiser.java:117)at weblogic.cluster.ServiceAdvertiser.offerService(ServiceAdvertiser.java:70)...
Severity: Warning
Rationale: Administration
Description: When a Foreign JNDI connection between two Oracle WebLogic Server domains in a cluster is attempted, the server in the calling domain fails to start with following exception. This is due to the Foreign JNDI Manager service being started prior to cluster services starting.####<Jun 1, 2006 2:45:59 PM MEST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: java.lang.NullPointerExceptionjava.lang.NullPointerExceptionat weblogic.cluster.ServiceAdvertiser.announceOffer(ServiceAdvertiser.java:117)......This problem, described in Oracle Bug 8051204, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: If a configuration contains foreign JNDI links, the Oracle WebLogic Server Administration Console fails to display the JNDI tree. There are no exceptions, and the Administration Console displays a blank page. This makes it impossible to browse the JNDI tree for debugging purposes or to administer the JNDI security policies.
Severity: Minor Warning
Rationale: Administration
Description: JMS proxy using local foreign JMS server configuration with credentials given is not able to connect to the remote system.
Severity: Warning
Rationale: Subsystem Outage
Description: The Admin Console Deployments Table displays only 10 deployments per page.
Severity: Minor Warning
Rationale: Administration
Description: The Admin Console Deployments Table displays only 10 deployments per page.This problem, described in Oracle Bug 8110216, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When multiple users run Domain Provisioning tools like the Configuration Wizard, Domain Stop Server Script, or WebLogic Scripting Tool Offline Scripting, it is possible that subsequent users of the tool might encounter error messages like the following:*sys-package-mgr*: can't write cache file for '/Oracle_HOME/jrockit90_150_06/lib/tools.jar'*sys-package-mgr*: can't write cache file for '/WLS_HOME/server/lib/weblogic.jar'*sys-package-mgr*: can't write cache file for '/WLS_HOME/server/lib/webservices.jar'*sys-package-mgr*: can't write cache file for '/WLS_HOME/common/eval/pointbase/lib/pbclient51.jar'*sys-package-mgr*: can't write cache file for '/Oracle_HOME/jrockit90_150_06/jre/lib/managementapi.jar'...
Severity: Minor Warning
Rationale: Administration
Description: Using global multicast addresses between 230.0.0.1 and 239.192.0.0 causes cluster issues. For example, the JMS destination may not replicate to all members of the cluster although the JNDINameReplicated attribute is set to "true."
Severity: Warning
Rationale: Administration
Description: By default, Oracle WebLogic Server does not check for Group circularity for any externally configured LDAP Authenticators (iPlanet, Active Directory, Novell, Open LDAP, etc.).Circular reference:Group A is a member of Group BGroup B is a member of Group AWhen a group circularity exists in the backend LDAP, so many LDAP connections are created (due to the backend LDAP group having itself as a member), that a server crash can result.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: If a servlet calls RequestDispatcher.forward(), the following error occurs for a HEAD request: javax.servlet.ServletException: Original response not available.
Severity: Warning
Rationale: Administration
Description: If a servlet calls RequestDispatcher.forward(), the following error occurs for a HEAD request: javax.servlet.ServletException: Original response not available.This problem, described in Oracle Bug 8103455, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: HTTP connection is closed after receiving OPTIONS query with no Content-Length header.
Severity: Minor Warning
Rationale: Administration
Description: HTTP connection is closed after receiving OPTIONS query with no content-length header.This problem, described in Oracle Bug 8091366, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: On a UNIX-like system, if you start your managed servers from a Node Manager, the Administration Server can throw frequent Protocol Exceptions with the message, "HTTP tunneling is disabled."
Severity: Minor Warning
Rationale: Administration
Description: HTTPCluster proxy tries to connect with the non-SSL ports even when the SecureProxy is set to ON. There are two issues regarding this:(1) When SecureProxy is ON, the proxy should not contact non-SSL ports.(2) Due to a problem with the session stickiness, the dynamic servlet list is not updated correctly.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: UnavailableException does not comply with Servlet 2.4 Specifications for permanent and temporary unavailability. When a servlet throws temporary UnavailableException with the time period of the temporary unavailability, Oracle WebLogic Server still returns SC_NOT_FOUND (404) response. For Oracle WebLogic Server to comply with the specification, Oracle WebLogic Server would return 503 with Retry-After header OR treat it completely the same as permanent unavailability.This problem, described in Oracle Bug 8109719, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: The symptom is a high number of garbage collections happening when using JSP with Expressions Language.Memory is reclaimed by the garbage collection so this is not a memory leak, but a high usage of memory (high rate of object creation).Using JSP without Expressions Language has a pattern of not using memory that much.
Severity: Warning
Rationale: Performance
Description: The symptom is a high number of garbage collections happening when using JSP with Expressions Language.Memory is reclaimed by the garbage collection (GC). So, this is not a memory leak, but a high usage of memory (high rate of object creation).Using JSP without Expressions Language has a pattern of not using memory that much.This problem, described in Oracle Bug 8059776, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: Removing an application causes the associated deployment plan files to be discarded. A new deployment no longers carries any plan changes you may have made (such as enabling library services).
Severity: Minor Warning
Rationale: Development
Description: When using HttpProxyServlet in Oracle WebLogic Server 9.2 as Reversed Proxy Server (RPS), the socket is to be closed when the browser is closed or navigated to some other site. However, the connection is found to be kept alive, and it keeps reading from the socket.Symptom can be verified in server thread dumps.
Severity: Minor Warning
Rationale: Administration
Description: When using HttpProxyServlet in Oracle WebLogic Server 9.2 as Reversed Proxy Server (RPS), the socket is to be closed when the browser is closed or navigated to some other site. However, the connection is found to be kept alive, and it keeps reading from the socket.Symptom can be verified in server thread dumps. This problem, described in Oracle Bug 8118037, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: After upgrading to Oracle WebLogic Server 9.2 Maintenance Pack 2 or Maintenance Pack 3, the call request.getRemoteUser() returns null because Oracle WebLogic Server is not authenticating the user.Workaround: Change the source code to request.getHeader('REMOTE_USER') to get the remote user.
Severity: Minor Warning
Rationale: Administration
Description: HttpURLConnection is not closing the sockets that go to CLOSE_WAIT state, resulting in a socket leak.
Severity: Warning
Rationale: User Viewable Errors
Description: HttpURLConnection is not closing the sockets that go to CLOSE_WAIT state, resulting in a socket leak.This problem, described in Oracle Bug 8114063, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When using weblogic.net.HttpURLConnection to connect to an external system, POST requests to the system fail on retry.
Severity: Warning
Rationale: Subsystem Outage
Description: When using weblogic.net.HttpURLConnection to connect to an external system, POST requests to the system fail on retry.This problem, described in Oracle Bug 8125047, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: IBM JDK 64 bit is not supported for all versions of Oracle WebLogic Server. Oracle will provide support to the best of its ability. You may be advised to revert to a supported JVM configuration if you encounter an Oracle issue that appears to be JVM-related.
Severity: Warning
Rationale: Administration
Description: When generating IDL files, there are compatibility issues with the java.lang.String[] repository ID as follows:* Sun JDK rmic generates: "RMI:Ljava.lang.String;:071DA8BE7F971128:A0F0A4387A3BB342"* Oracle WebLogic Server IIOP/CORBA Impl generates: "RMI:[Ljava.lang.String;:071DA8BE7F971128:ADD256E7E91D7B47"
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When generating IDL files, there are compatibility issues with the java.lang.String[] repository ID as follows:* Sun JDK rmic generates: "RMI:Ljava.lang.String;:071DA8BE7F971128:A0F0A4387A3BB342"* Oracle WebLogic Server IIOP/CORBA Impl generates: "RMI:[Ljava.lang.String;:071DA8BE7F971128:ADD256E7E91D7B47"This problem, described in Oracle Bug 8086027, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: An IOException occurs when invoking a Web Service method through JMS that uses the default charset.For example, see Russian characters with code 0418H in UTF8.This problem, described in Oracle Bug 8124232, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: An IOException occurs when invoking a Web service method through JMS that uses the default charset.As an example, see the Russian characters with code 0418H in UTF8.This problem, described in Oracle Bug 8124232, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: An IOException occurs when invoking a Web service method through JMS that uses the default charset.For example, see Russian characters with code 0418H in UTF8.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When resource-reload-check-secs is disabled (set to -1), if a browser attempts to access with Cache Control: no-cache header, and if static files are modified to a small size, Oracle WebLogic Server throws the following exception:<2006/06/12 15??15??34?b JST> <Error> <HTTP> <BEA-101019><[weblogic.servlet.internal.WebAppServletContext@168fa45 -name: 'DefaultWebApp', context-path: '/DefaultWebApp'] Servlet failed with IOExceptionjava.io.IOException: failed to read '2' bytes from InputStream; clen: 39remaining: 2 count: 37 atweblogic.servlet.internal.ChunkOutput.writeStream(ChunkOutput.java:411) atweblogic.servlet.internal.ChunkOutputWrapper.writeStream(ChunkOutputWrapper.java:168)...>
Severity: Warning
Rationale: Not Complying with Specifications
Description: The IPv6 implemented by Microsoft Windows XP does not support dual mode sockets and cannot be used with any available JVMs. If SIP traffic is enabled by configuring a network channel with an IPv6 address on Windows XP with either the Sun or Oracle JRockit JVMs, the following exception occurs:com.bea.wcp.sip.engine.connector.transport.TransportException: Address family not supported by protocol family: bind at com.bea.wcp.sip.engine.connector.transport.UdpTransportModule.start(UdpTransportModule.java:166) ...
Severity: Minor Warning
Rationale: Development
Description: If you use the Administration Console to configure SIP channels with "External Listen Address" and "External Listen Port," the following occurs, as expected:* Oracle WebLogic SIP Server (WLSS) replaces the Via header of the WLSS IP address with the IP address specified for "External Listen Address."* WLSS replaces the WLSS port number with the port number specified for "External Listen Port."However, if you enable the Record-Route header in your application (setRecordRoute(true)), the following occurs:* WLSS correctly sets the IP address of the Record-Route header to the address specified for "External listen address."* WLSS incorrectly sets the Record-Route header port number to 5060, instead of the port specified for "External Listen Port."
Severity: Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.0.x and earlier releases, if a connection fails, the server does not attempt to reconnect. This behavior changed for Oracle WebLogic Server 9.1 and later releases. In Oracle WebLogic Server 9.1.x, if a connection fails, the server tries to reconnect to a target host. If the target host is down, Oracle WebLogic Server continues to wait for the response until double the amount of the specified TCP timeout has lapsed.For example, if the TCP timeout is set to 3 minutes, Oracle WebLogic Server 9.0 waits for a response for 3 minutes, while Oracle WebLogic Server 9.1 waits for 6 minutes. This has an impact on performance when the target system is down.
Severity: Minor Warning
Rationale: Performance
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: When you use the Oracle WebLogic Server Administration Console to enable the debugWTCUdata flag, an atpesystem error occurs on the second tpcall.
Severity: Warning
Rationale: User Viewable Errors
Description: When you use the Oracle WebLogic Server Administration Console to enable the debugWTCUdata flag, an atpesystem error occurs on the second tpcall.This problem, described in Oracle Bug 8122871, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The following exception can occur when you attempt to access the "WS-Policy" configuration tab in the Oracle WebLogic Server Administration Console:java.lang.IllegalArgumentException: The property you provided 'contents' of form 'deploymentPlanForm' must not be set to null.
Severity: Minor Warning
Rationale: Administration
Description: Web services with a single dimension SOAP array and variable length are not handled properly. The Web Services fail when processing empty arrays.java.lang.IllegalArgumentException: Illegal Capacity: -1at java.util.ArrayList.<init>(ArrayList.java:111)at com.bea.staxb.runtime.internal.util.collections.ArrayListBasedObjectAccumulator.createNewStore(ArrayListBasedObjectAccumulator.java:42)at com.bea.staxb.runtime.internal.util.collections.ObjectAccumulator.<init>(ObjectAccumulator.java:39)This problem, described in Oracle Bug 8122845, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Web services with a single dimension SOAP array and variable length are not handled properly. The Web services fail when processing for empty arrays.java.lang.IllegalArgumentException: Illegal Capacity: -1at java.util.ArrayList.<init>(ArrayList.java:111)at com.bea.staxb.runtime.internal.util.collections.ArrayListBasedObjectAccumulator.createNewStore(ArrayListBasedObjectAccumulator.java:42)at com.bea.staxb.runtime.internal.util.collections.ObjectAccumulator.<init>(ObjectAccumulator.java:39)
Severity: Warning
Rationale: Administration
Description: In Oracle WebLogic SIP Server 3.1, SIP sessions never expire, when "setExpires()" is called on SipApplicationSession.
Severity: Warning
Rationale: Not Complying with Specifications
Description: In a forking proxy scenario under high load, noAckReceived after IllegalStateException as follows:<Oct 16, 2007 3:19:53 PM CEST> <Error> <WLSS.Transport> <BEA-330608> <Socket errorjava.lang.IllegalStateException: This transaction has been completed already. at com.bea.wcp.sip.engine.server.SipServletResponseImpl.<init>(SipServletResponseImpl.java:75) at com.bea.wcp.sip.engine.server.SipServletRequestImpl.createResponse(SipServletRequestImpl.java:1013) at com.bea.wcp.sip.engine.server.SipServletRequestImpl.createResponse(SipServletRequestImpl.java:994) at com.bea.wcp.sip.engine.server.ServerTransaction.rcvCancel(ServerTransaction.java:632) at com.bea.wcp.sip.engine.server.TransactionManager.receiveContinuationRequest(TransactionManager.java:1235)
Severity: Warning
Rationale: Performance
Description: Based on the SIP Servlet API version 1.0 Chapter 8.2.3, the container should notify a forking application only when the "best" response is received; that is, when final responses have been received from all destinations except "200 OK." However, when an application forks two or more destinations, Oracle WebLogic SIP Server 3.0 informs the application about all responses.Resolution:The patch to Oracle Bug 8119447 fixes the forking proxy issues described above. However, a memory leak can occur under heavy load conditions. Therefore, Oracle recommends applying the the patch to Oracle Bug 8113068 along with the patch to Oracle Bug 8119447.
Severity: Warning
Rationale: Not Complying with Specifications
Description: A forking proxy returns to Oracle WebLogic SIP Server UAS different "To:" header tags in the "183 Session Progress" and "200 OK."When SipServletResponse.createAck() is invoked on the 200 OK, the ACK request has the "To:" header tag of the 183 response, instead of the 200 response.Use case:The following typical call flow illustrates the issue: -> UAS1UAC->WLSS-B2BUA-> Forking Proxy -> UAS2The 183 is coming from the UAS1 session, and the 200 from the UAS2 session (different "To:" tag). When ACK is generated for the 200 OK response, the container creates the ACK with 183 "To:" tag.Resolution:The issue is fixed by the patch to Oracle Bug 8118703.
Severity: Warning
Rationale: Development
Description: The Administration Console is not showing the correct value for FailedMessagesTotalCount for SAF agents even though the messages expire after the configured TimeToLive value. However, this value is getting updated if the messages are manually expired using the Expire all tab of the console.
Severity: Minor Warning
Rationale: Administration
Description: Under certain conditions, an inaccurate Info message (see below) is written to the server logs continuously, every few seconds. This happens during a particular sequence of starting the Oracle WebLogic Server Administration and managed servers.Example:1. The Administration Server Listen Address is set to something other than "localhost."2. "TunnelingEnabled" is set to "false" (this is the default setting).The following error then occurs:'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1215144474983> <000000> <HTTPClntLogin: Login rejected with code: 'Failed', reason: java.net.ProtocolException: HTTP tunneling is disabled at weblogic.rjvm.http.HTTPServerJVMConnection.acceptJVMConnection(HTTPServerJVMConnection.java:88)
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Scripting Tool (WLST) running a script generated by execToscript fails on activate():WLSTException: 'Error occured while performing activate :Error while Activating changes.[JMSExceptions:045032]While attempting to create destination WSInternaljms.internal.queue.WSStoreForwardQueuemyserver in module interop-jms the JMSServer of name WSStoreForwardInternalJMSServermyserver could not be found. Use dumpStack() to view the full stacktrace'
Severity: Minor Warning
Rationale: Administration
Description: When creating a JSPX document with a content type of "text/html" the parser incorrectly escapes the template characters, whereas if it is changed to "text/xml" it works as expected.
Severity: Minor Warning
Rationale: Administration
Description: When creating a JSPX document with a content type of "text/html," the parser incorrectly escapes the template characters. If it is changed to "text/xml," the parser processes the file correctly.This problem, described in Oracle Bug 8099960, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Incorrect help page is showing up for JTA -> monitoring -> Migration tab. A page of "The WebLogic Server Administrative Console" is shown instead of help page for Migration tab of JTA Monitoring.
Severity: Minor Warning
Rationale: Administration
Description: The debugging scope values for SAF debug APIs are incorrectly defined in Oracle WebLogic Server 9.0. Consequently setting the corresponding DebugSAF* flags on the Administration Console does not produce the desired result.Workaround or Solution:In Oracle WebLogic Server 9.1 and later, the debugging scope values for SAF debug APIs are correct and the flags work as expected.
Severity: Minor Warning
Rationale: Administration
Description: In rare cases, external compaction can cause very long pause times when attempting to move a large object from the highest heap parts, if the heap is fragmented.
Severity: Warning
Rationale: Performance
Description: Certain applications require the ability to retrieve the complete Route Header of a SIP request before Oracle WebLogic Server SIP Server reduces it. JSR 116 does not define a way of retrieving it; however, this is addressed in JSR 289.Oracle WebLogic Server SIP Server versions (2.2, 3.0, and 3.1) support JSR 116 and subsequent releases JSR 289.Use case:As described in JSR 116, the Oracle WebLogic Server SIP Server reduces the Route Header before sending the message to the deployed SIP servlet application.Some applications will not work with the reduced header. Oracle Bug 8132205 fixes this limitation of JSR 116. A patch is available for Oracle WebLogic Server SIP Server 3.0.
Severity: Minor Warning
Rationale: Development
Description: An inner Java class as a parameter/return type in a Web method causes the Webservice not to deploy.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: In some cases, Oracle WebLogic Server 9.2 may raise the following exceptions in the Oracle WebLogic Portal running on a managed server:weblogic.management.utils.CreateExceptionnetscape.ldap.LDAPException: error result (68)This is due to a timing issue that can occur between the administration server and the managed server when a security policy is changed - in this case, attempting to create a new role when the role already exists. Oracle WebLogic Server fails to detect the existing role, causing the managed server to attempt to create the duplicate role in the Oracle WebLogic Server embedded LDAP.
Severity: Critical
Rationale: Subsystem Outage
Description: In some cases, Oracle WebLogic Server 9.2 may raise the following exceptions in the Oracle WebLogic Portal running on a Managed Server:weblogic.management.utils.CreateExceptionnetscape.ldap.LDAPException: error result (68)This is due to a timing issue that can occur between the Administration Server and the Managed Server when a security policy is changed - in this case, attempting to create a new role when the role already exists. Oracle WebLogic Server fails to detect the existing role, causing the Managed Server to attempt to create the duplicate role in the Oracle WebLogic Server embedded LDAP.This problem, described in Oracle Bug 8129496, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: In some cases, Oracle WebLogic Server 9.2 may raise the following exceptions in the Oracle WebLogic Portal running on a Managed Server:weblogic.management.utils.CreateExceptionnetscape.ldap.LDAPException: error result (68)This is due to a timing issue that can occur between the Administration Server and the Managed Server when a security policy is changed - in this case, attempting to create a new role when the role already exists. Oracle WebLogic Server fails to detect the existing role, causing the Managed Server to attempt to create the duplicate role in the Oracle WebLogic Server embedded LDAP.This problem, described in Oracle Bug 8092191, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Web Service fails to honor the optional element minOccurs="0". When invoking a Web Service with this optional element in the request message, the following issues are faced:1. Deleting this optional element from the request message fails to invoke the Web Service.2. When the Web Service client invokes the Web Service with a null value for this optional element, the optional element is added to the SOAP body with an empty value in the SOAP response. The resulting XML will not validate against the schema if it has nillable=false for this optional element.
Severity: Warning
Rationale: Development
Description: Web Service fails to honor the optional element minOccurs="0". When invoking a Web Service with this optional element in the request message, the following issues are faced:1. Deleting this optional element from the request message fails to invoke the Web Service.2. When the Web Service client invokes the Web Service with a null value for this optional element, the optional element is added to the SOAP body with an empty value in the SOAP response. The resulting XML will not validate against the schema if it has nillable=false for this optional element.This problem, described in Oracle Bug 8112919, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: Calls of isConnected on SSLLayeredSocket always results in a socket not connected indication. This is now fixed and isConnected will return the true connected state of the socket.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: Javelin JSP compiler does not find boolean accessor methods prefixed with "is" when parsing the <jsp:getProperty> tag.
Severity: Warning
Rationale: Development
Description: Javelin JSP compiler does not find boolean accessor methods prefixed with "is" when parsing the <jsp:getProperty> tag.This problem has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: The custom security provider is not registering to the VM/JAAS Configuration during start-up. The following exception is thrown:by: java.lang.IllegalArgumentException: No Configuration was registered that can handle the configuration named coreat com.bea.common.security.jdkutils.JAASConfiguration.getAppConfigurationEntry(JAASConfiguration.java:103)...The server that is unable to start, goes to FORCE_SHUTTING_DOWN state and exits.The same Custom Security Providers that were working absolutely fine with Oracle WebLogic Server 9.1.0 are NOT working with Oracle WebLogic Server 9.2.2 even though the security provider JAR files have been upgraded to Oracle WebLogic Server 9.2.2.
Severity: Minor Warning
Rationale: Administration
Description: When redeploying a Web application from Oracle Workshop for WebLogic that references Oracle WebLogic Server Service Controls, there is a severe memory leak that prevents any form of incremental development in Oracle Workshop for WebLogic. Essentially, the JAX-RPC stubs and associated com.bea.xbean runtime bindings leak (for the WSDL) during each redeployment.
Severity: Minor Warning
Rationale: Administration
Description: The JDBC MultiDataSource member data source list does not support dynamic updates. This may result in application service interruptions, since the MultiDataSource must be manually untargeted or redeployed.
Severity: Minor Warning
Rationale: Administration
Description: If the initial capacity and the maximum capacity are changed in the same edit session and the new value for the initial capacity is larger than the value for the maximum capacity, the update will fail. This failure occurs because Oracle WebLogic Server checks the new value for the initial capacity against the value for the maximum capacity.When trying to change it to 30 and 30, respectively, the following error occurs:Failure occured in the execution of deployment request with ID '1130667254066' for task 'weblogic.deploy.configChangeTask.1'. Error is: 'weblogic.application.ModuleException: prepareUpdate failed for JDBC Module OracleDS: Cannot set Initial Capacity of Pool OracleDS to (30), this value is higher than the configured Maximum Capacity of the pool (15).
Severity: Minor Warning
Rationale: Administration
Description: A JDBC connection leak is not detected if all statements are closed but the connection is not released.For example, if the following code is executed, then the leak is not detected: con = getConnection(); stmt = con.prepareStatement(); rs = stmt.execute...(); rs.close(); stmt.close(); // con.close() is not called return; // end of jsp or servlet
Severity: Minor Warning
Rationale: Administration
Description: JDBC connection leak is not detected if all statements are closed but the connection is not released.For example, if the following code is executed, then the leak is not detected: con = getConnection(); stmt = con.prepareStatement(); rs = stmt.execute...(); rs.close(); stmt.close(); // con.close() is not called return; // end of jsp or servletThis problem, described in Oracle Bug 8123030, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When deleting a JDBC data source and creating a new one with the same name within the same edit session, the JDBC data source gets created with a missing target, and the following error displays:"weblogic.j2ee.descriptor.wl.JDBCPropertyBeanImpl@e407a125([JDBC DataSource-0]/JDBCDriverParams/Properties/Properties[databaseName])"
Severity: Minor Warning
Rationale: Administration
Description: If initial-capacity is 0 and shrinking is enabled, weblogic.jdbc.extensions.PoolLimitSQLException occurs unexpectedly when the user application tries to get a connection from JDBCDataSource.The shrinking algorithm does not consider any current reserve requests, only previously collected history. It may actually shrink connections needed by current reservers.
Severity: Minor Warning
Rationale: Administration
Description: When JDBC initial capacity and max capacity is not equal, shrinking is not disabled even if JDBC DataSource is configured with ShrinkFrequencySeconds =0
Severity: Warning
Rationale: Not Complying with Specifications
Description: When JDBC initial capacity and max capacity is not equal, shrinking is not disabled even if JDBC DataSource is configured with ShrinkFrequencySeconds =0This problem, described in Oracle Bug 8166157, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: If the Statement, Prepared Statement, or XA Prepared Statement cache size is set to zero, an internal connection management method can incur a null pointer exception. The server log will include a message such as the following:Caused by: java.lang.NullPointerException at weblogic.jdbc.common.internal.ConnectionEnv.getPrepStmtCacheCurrentSize(ConnectionEnv.java:1188)
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If the Statement, Prepared Statement, or XA Prepared Statement cache size is set to zero, an internal connection management method can incur a null pointer exception. The server log will include a message such as the following:"Caused by: java.lang.NullPointerException atweblogic.jdbc.common.internal.ConnectionEnv.getPrepStmtCacheCurrentSize(ConnectionEnv.java:1188)"This problem, described in Oracle Bug 7991178, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When a Distributed Topic is configured, if a network failure occurs and the Oracle WebLogic Servers lose contact with one another, then the members of the Distributed Destination will not be able to send JMS messages between nodes, even when the network connection has been re-established.
Severity: Critical
Rationale: Subsystem Outage
Description: When a Distributed Topic is configured and a network failure causes the Oracle WebLogic Servers to lose contact with one another, the members of the Distributed Destination will not be able to send JMS messages between nodes, even after the network connection has been re-established.This problem, described in Oracle Bug 8105990, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: JMS JDBC store does not recover after database failure and reconnection. It results in the following exception for the affected JMS JDBC Store (Oracle DB):[Store:280065]failed to connect to database (server="XXXXXXXX" store="XXXXXXX" table="Store1WLStore"):(LinkedCause, "weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: Io exception: The Network Adapter could not establish the connection")
Severity: Critical
Rationale: Subsystem Outage
Description: JMS JDBC store does not recover after database failure and reconnection. It results in following exception for effected JMS JDBC Store (Oracle DB):[Store:280065]failed to connect to database (server="XXXXXXXX" store="XXXXXXX" table="Store1WLStore"):(LinkedCause, "weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: Io exception: The Network Adapter could not establish the connection")Oracle Bug 8099183 has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: In this release, Oracle WebLogic Server automatically performs Resource Adapter (RA) connection pool profiling and this logging cannot be turned off. This may result in needlessly large log files that are quickly cluttered with frequent entries, such as when using the Messaging Bridge.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server automatically performs resource adapter connection pool profiling. This cannot be disabled. This may result in needlessly large log files that are quickly cluttered with frequent entries, such as when using the Messaging Bridge.This problem, described in Oracle Bug 8081009, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: The PersistentStoreConnectionRuntime statistics reports a negative object count after recovery.
Severity: Warning
Rationale: Administration
Description: JMS SAF Client does not failover to other cluster members when the primary member goes down. The following exception occurs on closing and creating a new SAF client context, as the messages are redirected to the other member:<Jun 19, 2008 7:23:26 PM PDT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed java.lang.IllegalArgumentException: TimerManager is in STOPPED state.java.lang.IllegalArgumentException: TimerManager is in STOPPED state at weblogic.timers.internal.TimerManagerImpl.schedule(TimerManagerImpl.java:392) at weblogic.timers.internal.TimerManagerImpl.schedule(TimerManagerImpl.java:340)...>
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When delivery fails for JMS messages queued in the 'At-Least-Once' delivery mode, the messages are resent, but not necessarily in the right order.
Severity: Warning
Rationale: Not Complying with Specifications
Description: A JMS Store request can get lost whenever the JMS store is unavailable. If the store is shut down or removed while there is an outstanding request, the request will not complete.This problem, described in Oracle Bug 8067656, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: When messages are sent to a destination that is configured with a quota, the messages are inadvertently added to the list of "Pageable" messages once the quota is met. The result is growth in memory because these messages are not removed from the list of Pageable messages.
Severity: Minor Warning
Rationale: Administration
Description: When messages are sent to a destination that is configured with a Quota and that Quota is met, then these messages are inadvertently added to the list of "Pageable" messages. As a result, memory continues to grow because the messages are never removed from the list of Pageable messages.This problem, described in Oracle Bug 8097206, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Default behavior is unchanged. User may now use a system property to control the max file store size. Added system property to control file store size:-Dweblogic.store.MaxFileSize=80000000The size specified will be adjusted internally to fix the proper block size multiple.Minimum size is 10485760.Maximum size is 2146435072 (Default).If the file cannot be expanded to hold the message, it will create a new file for that message. If the overall message size is greater than the file size a PersistentStoreFatalException will be thrown.
Severity: Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: JMS producer leaks memory when the producer is repeatedly created and closed while the session remains open.This problem, described in Oracle Bug 8108465, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: When deploying a JMS module, the Oracle WebLogic Server Administration Console is not transparently creating the necessary subdeployment targets in the Install assistant with some configurations of JMS Servers for the selected targets. In these cases, some subdeployment targets are not included in the deployment without providing error messages or the opportunity for an administrator to correct this targeting.For Oracle WebLogic Server 9.2, the user must do either:1) From the console, target the module at a single server, then go back in and setup the targeting for individual subdeployments.2) Use weblogic.Deployer
Severity: Warning
Rationale: Subsystem Outage
Description: When sending a large number of messages to a JMS queue without any clients to de-queue, Oracle WebLogic Server 9.1 server runs out of memory very quickly.
Severity: Critical
Rationale: Server Outage
Description: When sending a large number of messages to a JMS queue without any clients to de-queue, Oracle WebLogic Server 9.1 server runs out of memory very quickly.This problem, described in Oracle Bug 8087552, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Server Outage
Description: After the database recovers from failures, the first message can be received successfully. Then, an exception will be caught while receiving the rest of the messages. The exception will be the following:Exception while receiving messages weblogic.jms.common.JMSException:weblogic.messaging.kernel.KernelException: I/O error in acknowledge...Caused by: weblogic.store.io.jdbc.JDBCStoreException: [Store:280064]store is closed (server="jdbcServer4" store="oracleRac_JDBCStore3" table="orarac3WLStore")at weblogic.store.io.jdbc.JDBCStoreIO.checkOpen(JDBCStoreIO.java:877)at weblogic.store.io.jdbc.JDBCStoreIO.delete(JDBCStoreIO.java:1179)...
Severity: Minor Warning
Rationale: Administration
Description: After the database recovers from failures, the first message can be received successfully. Then an exception will be caught while receiving the rest of the messages. The exception will be the following:Exception while receiving messages weblogic.jms.common.JMSException:weblogic.messaging.kernel.KernelException: I/O error in acknowledge.....Caused by: weblogic.store.io.jdbc.JDBCStoreException: [Store:280064]store is closed (server="jdbcServer4" store="oracleRac_JDBCStore3" table="orarac3WLStore")at weblogic.store.io.jdbc.JDBCStoreIO.checkOpen(JDBCStoreIO.java:877)...This problem, described in Oracle Bug 8133665, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: JMS wrappers not properly handled the JMS 1.1 APIUsing wrappers means configuring a Foreign Connection Factory and a Foreign Destination that correspond to remote JMS objects (either non-Oracle or Oracle WebLogic Server JMS) as entries in your local JNDI tree.For foreign and remote destinations, the simplest configuration strategy is to use Oracle WebLogic Server JMS wrappers. Wrappers allow you to create a ?symbolic link? between a JMS object in a third-party JNDI provider or in a different Oracle WebLogic Server cluster or domain, and an object in the local Oracle WebLogic Server JNDI tree.
Severity: Minor Warning
Rationale: Administration
Description: Intermittently, the JMS pending message count and pending bytes count attributes in the JMSDestinationRuntimeMBean are set to a negative value for MessagesPendingCount and BytesPendingCount.
Severity: Minor Warning
Rationale: Administration
Description: Message headers of messages in the server are altered after restarting the server. This occurs because the "Name" field of the "JMSReplyTo" property is nullified when the server is restarted.
Severity: Warning
Rationale: Administration
Description: Message headers of messages in the server are altered after restarting the server. This occurs because the "Name" field of the "JMSReplyTo" property is nullified when the server is restarted.This problem, described in Oracle Bug 8127939, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Message headers of messages in the server are altered after restarting the server. This occurs because the "Name" field of the "JMSReplyTo" property is nullified when the server is restarted.This problem, described in Oracle Bug 8127939, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When sending a message to a distributed topic in Oracle WebLogic Server 9.2 Maintenance Pack 2, after restricting the JMS access to a specific user, a JMSSecurityException access denied error occurs. This does not occur in Oracle WebLogic Server 9.2 Maintenance Pack 1 when the domain has either admin port enabled.This problem, described in Oracle Bug 8149019, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: JMSWrapper overrides the given foreign JNDI properties for creating Initial Context.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When Oracle WebLogic Server Messaging Bridge attempts to send messages from Oracle WebLogic Server to SonicMQ, the send operation fails with the following exception:<Jan 18, 2007 12:36:02 PM CET> <Debug> <MessagingBridgeRuntimeVerbose> <blade179> <online1> <[ACTIVE] ExecuteThread: '3'for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <Oracle1-0135C6595CEBDA119AFB> <> <1169120162762> <000000> <Exception:javax.jms.JMSException: Message Property cannot be set by a JMS client at progress.message.jimpl.JMSExceptionUtil.createJMSException
Severity: Critical
Rationale: Subsystem Outage
Description: When Oracle WebLogic Server Messaging Bridge attempts to send messages from Oracle WebLogic Server to SonicMQ, the send operation fails with the following exception:<Jan 18, 2007 12:36:02 PM CET> <Debug> <MessagingBridgeRuntimeVerbose> <blade179> <online1> <[ACTIVE] ExecuteThread: '3'for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <Oracle1-0135C6595CEBDA119AFB> <> <1169120162762> <000000> <Exception:javax.jms.JMSException: Message Property cannot be set by a JMS client at progress.message.jimpl.JMSExceptionUtil.createJMSExceptionThis problem, described in Oracle Bug 8107745, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: After deploying an application containing a custom Call Router class, the server JNDI tree displays only one entry and the following message appears in the server logs:<< Skipping over incompatible object at name=..... >>
Severity: Minor Warning
Rationale: Administration
Description: A crash can occur in Oracle JRockit 1.4.2_0 when calling remote web services, causing a NullPointerException in the native code.The following is an example thread stack trace: - - - - - - - - - -Error code: 52Error Message: Null pointer exception in native codeSignal info : si_signo=11, si_code=2 - - - - - - - - - -Thread Stack Trace: at org/apache/axis/message/MessageElement.addTextNode(MessageElement.java:1388)@0xa77c3ae0 at org/apache/axis/message/SOAPHandler.addTextNode(SOAPHandler.java:148)@0xa77ea0d6 at org/apache/axis/message/SOAPHandler.endElement(SOAPHandler.java:112)@0xa77ea8ed at org/apache/axis/encoding/DeserializationContext.endElement(DeserializationContext.java:1087)@0xa77ea468
Severity: Warning
Rationale: Administration
Description: Application Java Byte code produces wrong date when it is compiled with Oracle JRockit 1.5.0_08 R27.1.0For example when using java.util.Calendar:calendar.set(Calendar.MONTH, (calendar.get(Calendar.MONTH) - 1));and when we print Calendar.getTime() the wrong value for month is returned.System.out.println("DATE: " + calendar.getTime());
Severity: Warning
Rationale: Development
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageExceptionThis problem, described in Oracle Bug 8116840, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: An exception can occur in the Oracle WebLogic Server 10.0 Administration Console when you click the Servers - Monitoring tab - Performance tab. This issue occurs only if you are using JRockit R27.3, R27.4, R27.5, or R27.6.The following exceptions may occur:Error opening /jsp/core/server/ServerMonitoringPerformanceForm.jsp.The source of this error is javax.servlet.ServletException: javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException:The entity name must immediately follow the '&' in the entity reference.at weblogic.servlet.jsp.PageContextImpl.handlePageException
Severity: Warning
Rationale: Administration
Description: The Heap Snapshot table on the Heap Overview tab appears to be configurable, but is not.
Severity: Minor Warning
Rationale: Administration
Description: The Memory Usage data on the General tab and the Optimization data on the Optimization tab of JRockit Mission Control's JRA window cannot be copied to the clipboard using the right click context menu. This works for the other data fields in JRockit Mission Control.
Severity: Minor Warning
Rationale: Administration
Description: When a Java application that has inline calculation in the array access is deployed on a Oracle WebLogic Server with Oracle JRockit R26.4.0-JDK1.5.0_06, a crash can occur.The error message is as follows:Error Message: Illegal memory access. [54]Signal info : si_signo=11, si_code=1
Severity: Warning
Rationale: Administration
Description: Accessing the "cookie" predefined variable in JSP EL (Expression Language) when the browser blocks cookies or the user has cleared all cookies including session cookies, produces an EL error. According to the JSP documentation, the "cookies" implicit object provides access to the cookies in the HTTP request by name. If the user has disabled cookies for the server, or if the user has deleted all cookies for that server, loading the page produces the following error:javax.servlet.jsp.el.ELException: Exception occured while evaluating EL at javelin.jsp.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:113)
Severity: Warning
Rationale: Development
Description: Accessing the "cookie" pre-defined variable in JSP EL (Expression Language) when the browser blocks cookies or the user has cleared all cookies including session cookies, produces an EL error. If the user has disabled cookies for the server, or if the user has deleted all cookies for that server, loading the page produces the following error:javax.servlet.jsp.el.ELException: Exception occured while evaluating EL at javelin.jsp.el.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:113)...This problem, described in Oracle Bug 8101358, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: JSPs that contain an attribute value that has a double quotes character '"' will not compile.
Severity: Minor Warning
Rationale: Development
Description: JSPs that contain an attribute value that has a double quotes character '"' will not compile.This problem, described in Oracle Bug 8066698, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: If we try to print two consecutive percent characters (%%) as a string through a JSP file, the JSP fails to compile and the following exception occurs: <%String test="%%";^ - - - - - - - -^test.jsp:1:15: Syntax error: expected ; (found '{' instead) <%Stringtest="%%"; ^-^test.jsp:1:15: A string must be terminated with a closing quote on the sameline as its start.<%String test="%%";This problem, described in Oracle Bug 8085166, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When a JSP uses the static include of an HTML file whose document root has been mapped using <virtual-directory-mapping> tag in weblogic.xml file, the JSP fails to compile throwing an exception stating that the HTML file cannot be found.
Severity: Warning
Rationale: Development
Description: When a JSP uses the static include of an HTML file whose document root has been mapped using <virtual-directory-mapping> tag in weblogic.xml file, the JSP fails to compile throwing an exception stating that the HTML file cannot be found.This problem, described in Oracle Bug 8109245, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: JSP files that use tag libraries defined in .tag files are compiled on every request, even when no changes are made to those files.This has been verified with a standard, non-WebLogic Portal application. If we compile the JSP application provided using appc, the generated Java file adds an extra slash ("/") in the isResourceStale() method. Resolution given involves checking for '/' before prepending '/' in the path of theisResourceStale() method.Removing the use of the .tag in the test JSP restores normal compile behavior.
Severity: Warning
Rationale: Performance
Description: JSP files that use tag libraries defined in .tag files are compiled on every request, even when no changes are made to those files.This has been verified with a standard, non-WebLogic Portal application. If we compile the JSP application provided using the appc compiler, the generated Java file adds an extra slash ("/") in the isResourceStale() method. Resolution given involves checking for '/' before prepending '/' in the path of theisResourceStale() method.Removing the use of the .tag in the test JSP restores normal compile behavior.This problem, described in Oracle Bug 8164238, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: The JSP tag file variable directive "name-from-attribute" and "alias" attribute do not work correctly.
Severity: Warning
Rationale: Development
Description: The JSP tag file variable directive "name-from-attribute" and "alias" attribute do not work correctly.This problem, described in Oracle Bug 8103835, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: If a JSPX file calls another JSPX file via the <jsp:directive.include file="<file>"/> tag, the JSPX will not compile.For example, if index.jspx calls include.jspx via <jsp:directive.include file="include.jspx"/>, this results in an index.jspx compilation error.
Severity: Minor Warning
Rationale: Development
Description: If a JSPX file calls another JSPX file via the <jsp:directive.include file="<file>"/> tag, the JSPX will not compile.For example, if index.jspx calls include.jspx via <jsp:directive.include file="include.jspx"/>, this results in an index.jspx compilation error.This problem, described in Oracle Bug 8065516, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: The Oracle WebLogic Server JSP compiler (weblogic.jspc) does not generate independent private methods for each valid tag handler call, and the method size is currently restricted to 64K (because of the JVM specification). As a result, trying to load a large JSP that has many tag handler calls results in a ClassFormat error at runtime.
Severity: Minor Warning
Rationale: Development
Description: The Oracle WebLogic Server JSP compiler (weblogic.jspc) does not generate independent private methods for each valid tag handler call, and the method size is currently restricted to 64K (because of the JVM specification). As a result, trying to load a large JSP that has many tag handler calls results in a ClassFormat error at runtime.This problem, described in Oracle Bug 8066698, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: If a JSP is included from another JSP, and it is responding to Japanese characters from a client, an infinite loop results that causes high CPU consumption and a stuck thread. The stack trace of the stuck thread is as follows:"[STUCK] ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=2 tid=0x2b95b530 nid=0xbec runnable [0x2b2df000..0x2b2dfd18] at sun.nio.cs.ext.DoubleByteDecoder.decodeArrayLoop(DoubleByteDecoder.java:94) at sun.nio.cs.ext.DoubleByteDecoder.decodeLoop(DoubleByteDecoder.java:144) at sun.nio.cs.ext.MS932$Decoder.decodeLoop(MS932.java:62) at java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:544) at weblogic.servlet.internal.CharChunkOutput.write(CharChunkOutput.java:107)
Severity: Critical
Rationale: Server Outage
Description: If a JSP is included from another JSP and it is responding to Japanese characters from a client, it results in an infinite loop that causes high CPU consumption and a stuck thread. The stack trace of the stuck thread is as follows:"[STUCK] ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=2 tid=0x2b95b530 nid=0xbec runnable [0x2b2df000..0x2b2dfd18] at sun.nio.cs.ext.DoubleByteDecoder.decodeArrayLoop(DoubleByteDecoder.java:94)Oracle Bug 8087101 has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Server Outage
Description: JSPs that use beanName instead of class in the <jsp:useBean> tag do not compile, as shown below:JSP syntax that uses "class" (as follows) works correctly:<jsp:useBean id="counter" scope="page" class="mycount.Counter" type="mycount.Counter"/>JSP syntax that uses "beanName" (as follows) results in an Inconvertible Types compilation error:<jsp:useBean id="counter" scope="page" beanName="mycount.Counter" type="mycount.Counter"/>
Severity: Minor Warning
Rationale: Development
Description: The JSR-88 view of webapp scoped custom modules is unavailable. The JSR-88 view should be available for any standalone module, as well as for WAR files.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Under high loads, Oracle WebLogic Server ignores the JTA timeout-seconds setting configured in the Administration Console.
Severity: Warning
Rationale: User Viewable Errors
Description: Under high loads, Oracle WebLogic Server ignores the JTA timeout-seconds setting configured in the Administration Console.This problem, described in Oracle Bug 8055395, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The following error occurs when starting the managed server with 1.4.1_X JVM:"weblogic.utils.AssertionError: ***** ASSERTION FAILED *****[ invalid assignment from 'Object' to 'Object' ] at weblogic.utils.Debug.assertion(Debug.java:57)"The managed server startup failures due to weblogic.utils.AssertionError is because of JVM HotSpot optimizations. This is a JVM issue.
Severity: Minor Warning
Rationale: Administration
Description: A crash can happen while executing Oracle JRockit R27.X parallel garbage collection(-Xgc:parallel )objPoolMarkAllWeak function passes a null object to refResweepWeakHandle, giving a Tread Stack Trace as the following one: at refResweepWeakHandle+117()@0xb7d0f245 at objPoolMarkAllWeak+630()@0xb7ce03a6 ...This can be observed mostly using JVMTI agent.
Severity: Minor Warning
Rationale: Administration
Description: Japanese characters in Performance page of the Server are garbled after clicking Refresh button.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Getting the following exception when selecting JTA Monitoring tab.JTA - > Monitoring Tab - > Health - > myServer - > JTA (hyperlink)An unexpected exception has occurred processing your requestMessage: handle must be specifiedStack Trace: java.lang.IllegalArgumentException: handle must be specifiedat com.bea.console.actions.core.server.ServerMonitoringJtaSummaryAction.execute(ServerMonitoringJtaSummaryAction.java:47)at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:1948)...
Severity: Minor Warning
Rationale: Administration
Description: A Java thread deadlock can occur when compiling JSP files with the Javelin compiler, due to incorrect locking order (object lock first, then class lock, then object lock).
Severity: Warning
Rationale: Administration
Description: A Java thread deadlock can occur when compiling JSP files with the Javelin compiler, due to incorrect locking order (object lock first, then class lock, then object lock).This problem, described in Oracle Bug 8092413, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server does not maintain Keep-Alive for 401 responses.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When using the Struts EL HTML tag, EL does not get substituted with the correct values. The JSP compiler is not correctly using the introspection mechanism to find the setter method as described in the JavaBeans specifications. In Oracle WebLogic Server 9.2, the "html:img" and "html-el-img" are not being converted to the value in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When using the Struts EL HTML tag, EL does not get substituted with the correct values. The JSP compiler is not correctly using the introspection mechanism to find the setter method as described in the JavaBeans specifications. In Oracle WebLogic Server 9.2, the "html:img" and "html-el-img" are not being converted to the value in Oracle WebLogic Server 9.2.This problem, described in Oracle Bug 8135066, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Server cannot deploy more than two versions of an application library. Attempting to deploy more than two versions results in an error such as the following:Cannot deploy or redeploy application 'test-app-lib [LibSpecVersion=9.2.0,LibImplVersion=9.2.0.2]' because the maximum number of application versions (2) for application 'test-app-lib' is exceededThe limit on the number of deployed versions has been removed, allowing more than two versions of an application library to be deployed.
Severity: Minor Warning
Rationale: Administration
Description: Calling the REPORT action inside a local (transport based proxy) process causes an exception in the console. The local process (with transport medium local) has no URI because it is local. When calling the report action, the reporting module is trying to insert a NULL URI inside the DB schema and getting the exception. Due to this, the logging entries are not sent to report console.This issue is fixed by Oracle Bug 8131065.
Severity: Warning
Rationale: User Viewable Errors
Description: Logging rotation is not getting rotated into specified rotation directory when the log file name contains time and date stamp such as %yyyy%
Severity: Minor Warning
Rationale: Administration
Description: Logging rotation is not getting rotated into specified rotation directory when the log file name contains time and date stamp such as %yyyy%This problem, described in Oracle Bug 8087623, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When using the Extended Log File (ELF) format, HTTP log files are being rotated even if the attribute "Rotate log file on startup" has not been enabled.
Severity: Minor Warning
Rationale: Development
Description: When using the Extended Log File (ELF) format, HTTP log files are being rotated even if the attribute "Rotate log file on startup" has not been enabled.This problem, described in Oracle Bug 8070575, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: When Oracle WebLogic Server receives an RST packet from a browser client, unnecessary SocketException errors are logged to the server log file. As a result, this log file can grow very large in a short period of time.This only happens in non-English UNIX environments.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The display of the time and date format may vary, depending on the locale in use. For example, the DateFormat.FULL format in some locales includes seconds, while the FULL format in other locales does not include such detailed granularity.
Severity: Minor Warning
Rationale: Administration
Description: The display of the time and date format may vary, depending on the locale in use. For example, the DateFormat.FULL format in some locales includes seconds, while the FULL format in other locales does not include such detailed granularity.This problem, described in Oracle Bug 8063288, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: The Log filter located under Diagnostic Log Files is not working properly. When the log filter is used with Time interval-all and then changed to Time interval-any other option, it still shows the all summary. Once it goes from a smaller time interval to larger time interval, it works as expected.
Severity: Minor Warning
Rationale: Administration
Description: To enable Log4j logging for Oracle WebLogic Server, the log4j.jar and wllog4j.jar must be included in the CLASSPATH. Otherwise, JDK logging is used instead.
Severity: Warning
Rationale: Administration
Description: When a user who is a member of the monitors group logs into the Administration Console and attempts to view the testing tab of a Web application, an exception is thrown.
Severity: Minor Warning
Rationale: Administration
Description: A serial version UID mismatch error occurs when running WebLogicMBeanMaker or weblogic.Upgrade on AIX. The detailed exception is java.io.InvalidClassException:javax.xml.namespace.QName; local class incompatible: stream classdesc serialVersionUID = 4418622981026545151, local class serialVersionUID = -9120448754896609940.
Severity: Warning
Rationale: Administration
Description: A serial version UID mismatch error occurs when running WebLogicMBeanMaker or weblogic.Upgrade on AIX. The detailed exception is java.io.InvalidClassException: javax.xml.namespace.QName; local class incompatible: stream classdesc serialVersionUID = 4418622981026545151, local class serialVersionUID = -9120448754896609940.This problem, described in Oracle Bug 8093760, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: Some global Work Manager runtime MBeans and their associated components, such as MinimumThreads and RequestClass MBeans, do not show the correct values because of a Work Manager deployment problem.
Severity: Minor Warning
Rationale: Administration
Description: Some global Work Manager runtime MBeans and their associated components, such as MinimumThreads and RequestClass MBeans, do not show the correct values because of a Work Manager deployment problem.This problem, described in Oracle Bug 8067852, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: A Message Driven Bean (MDB) does not connect to a remote distributed queue through the local ForeignJMSServer without giving the provider-url in the deployment descriptor. However, it can connect to a remote Oracle WebLogic Server queue (not distributed) without providing the provider-url.
Severity: Warning
Rationale: Not Complying with Specifications
Description: An MDB (message driven bean) does not connect to a remote distributed queue through the local ForeignJMSServer without giving the provider-url in the deployment descriptor. However, it can connect to a remote Oracle WebLogic Server queue (not distributed) without providing the provider-url.This problem, described in Oracle Bug 8141201, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Message Driven Bean (MDB) thread hangs at weblogic.messaging.util.DeliveryList.waitUntilIdle() when using Oracle WebLogic Server 8.1 Threading Model -Dweblogic.Use81StyleExecuteQueues=true.
Severity: Critical
Rationale: Subsystem Outage
Description: Message Driven Bean (MDB) thread hangs at weblogic.messaging.util.DeliveryList.waitUntilIdle() when using Oracle WebLogic Server 8.1 Threading Model -Dweblogic.Use81StyleExecuteQueues=true.This problem, described in Oracle Bug 8108046, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The Oracle WebLogic Server 9.x Message Driven Bean (MDB) is unable to listen to distributed destinations running on the pre-9.x (8.1) Oracle WebLogic Server domain.
Severity: Warning
Rationale: Subsystem Outage
Description: The Oracle WebLogic Server 9.x Message Driven Bean (MDB) is unable to listen to distributed destinations running on the pre-9.x (8.1) WebLogic Server domain.This problem, described in Oracle Bug 7867452, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: ClassCastExceptions occur when a Message Driven Bean (MDB) attempts to connect to a foreign JMS Provider using a JMS 1.1 Connection Factory, because the MDB JMSConnectionPoller and JMS wrapper code is using JMS 1.0 API. This is acceptable for Oracle WebLogic Server queues and topics, but fails for MQSeries queues and topics.
Severity: Minor Warning
Rationale: Administration
Description: Message-Driven Beans (MDBs) configured to use the connection factory and destinations from a locally configured ForeignJMSServer are not successfully connecting if an MDB descriptor did not include the local provider-url. The Queue and Connection Factory are given, and therefore the MDB should be able to connect locally.
Severity: Warning
Rationale: Subsystem Outage
Description: Two distinct Management Information Base (MIB) entries (safAgentRuntimeTable and safRemoteEndpointRuntimeTable) had the same OID in the MIB, causing a registration conflict.The following error occurs: - SAFAgentRuntimeMBeanSafAgentRuntimeTable OBJECT-TYPE...DESCRIPTION"This table is used for monitoring a WebLogic Store And Forward Agent."::= { wls 470 } - SAFRemoteEndpointRuntimeMBeanSafRemoteEndpointRuntimeTable OBJECT-TYPE...DESCRIPTION"This table is used for monitoring a WebLogic Store And ForwardRemoteEndpoint."::= { wls 470 }The two different MIB objects have the same OID (.1.3.6.1.4.1.140.625.470). Thiscan cause issues during runtime when attempting to resolve.
Severity: Minor Warning
Rationale: Administration
Description: Two distinct Management Information Base (MIB) entries (safAgentRuntimeTable and safRemoteEndpointRuntimeTable) had the same OID in the MIB, causing a registration conflict. The following error occurs: - SAFAgentRuntimeMBeanSafAgentRuntimeTable OBJECT-TYPESYNTAX SEQUENCE OF SAFAgentRuntimeEntryACCESS not accessible...The two different MIB objects have the same OID (.1.3.6.1.4.1.140.625.470). This can cause issues during runtime when attempting to resolve. The issue, described in Oracle Bug 8089403, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The Managed Server Independence (MSI) File Replication Enabled parameter is available in the Oracle WebLogic Server 9.0 and 9.1 console, but has no effect. This parameter is not used in Oracle WebLogic Server 9.2.You can find some references to it in the documentation and console in Oracle WebLoigc Server 9.0 and 9.1 however, it is completely removed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: An EJB is deployed on Oracle WebLogic Server 8.1, and the client is Oracle WebLogic Server 9.2 with an EJB client.jar installed.On the client side, this exception is raised:<BEA-010051> <EJB Exception occurred during invocation from home:java.lang.IncompatibleClassChangeError: class com.xxxx.xxxx has interface weblogic.rmi.extensions.server.Stub as super class at java.lang.ClassLoader.defineClass1(Native Method) ...Cause:The client.jar file contains classes which are not used and are referencing Oracle WebLogic Server 8.To make the RMI call from 9.x, you would have a JAR file from 8.1 application visible to 9.x. This JAR file will have stubs/skeleton classes required by clients to make the RMI call.
Severity: Minor Warning
Rationale: Administration
Description: Making multiple calls to response.addHeader() with the same standard header name returns only the last header value set to the client.
Severity: Warning
Rationale: Performance
Description: Making multiple calls to response.addHeader() with the same standard header name returns only the last header value set to the client.This problem, described in Oracle Bug 8108619, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Performance
Description: On Linux OS i686, when a Managed Server is shut down abruptly by means of the Node Manager, the Managed Server may become defunct. This occurs because the Node Manager ignores the SIGCHLD signal, which is not POSIX-compliant.
Severity: Critical
Rationale: Server Outage
Description: If the administration server port has not been enabled for either HTTP or HTTP tunneling, when you start a managed server through Node Manager, the server will incorrectly boot in managed server Independence mode because it cannot find the administration server.This problem, described in Oracle Bug 8068755, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Server Outage
Description: When a configuration field value has been cleared via the Console, incorrect null XML artifacts may remain in the configuration file. For example, clearing a Root Directory field in the server startup configuration will leave this in the config.xml file: <root-directory></root-directory> Since null may not always be a valid value, it may result in incorrect behavior later. For example, if the Root Directory attribute for a Managed Server is blank, and you try to start this Managed Server, it throws an error instead of starting and then disappears from the Console. Furthermore, it does not work correctly even if you try to restart the Administration Console or Node Manager. This problem, described in Oracle Bug 8095603, has been fixed in Oracle WebLogic Server 9.2
Severity: Minor Warning
Rationale: Administration
Description: It is possible for router information in the RJVM of a client to become corrupted. As a result, a Managed Server may be unable to establish a connection after restarting. Restarting a Managed Server results in a stale JNDI object. <Error> <RJVM> <BEA-000506> <Closing: weblogic.rjvm.t3.MuxableSocketT3$T3MsgAbbrevJVMConnection@175e058 because of Server expected to route a message received over an uninitialized connection: 'JVMMessage ...
Severity: Warning
Rationale: Administration
Description: If the Administration Server port has not been enabled for either HTTP or HTTP tunneling, when you start a Managed Server through Node Manager, the server will incorrectly boot in Managed Server Independence mode because it cannot find the Administration Server.
Severity: Critical
Rationale: Server Outage
Description: Managed servers fail to reconnect to the Admin Server when the Admin Server is restarted on another host or configured to a different listen IP address.
Severity: Warning
Rationale: Subsystem Outage
Description: Managed servers fail to reconnect to the Admin Server when the Admin Server is restarted on another host or configured to a different listen IP address.This problem, described in Oracle Bug 8110232, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When an Oracle WebLogic Server cluster has been configured on a Solaris 10 box(es), Managed Server instance(s) may periodically drop in and out of the cluster.Even though the server instances automatically rejoin the cluster, there will be lost multicast messages, and response time will be impacted due to the increased cluster housekeeping being required (for example, increased failover of requests or additional session replication needing to be carried out). This will then result in slower performance being seen by the end user/client.This issue is seen only on Solaris 10, regardless of the version of Oracle WebLogic Server being used.
Severity: Warning
Rationale: Performance
Description: The following exception occurs when starting the Oracle WebLogic SIP Server 3.0 SIP server domain:weblogic.management.ManagementException: [Management:141266]Parsing Failure in config.xml: WorkManagerMBean 'wlss.transport' refers to a constraint or request class 'wlss.transport.fsrc' but they are deployed on targets that have no servers in common. The MBeans must be deployed such that they share at least one server in common.This can occur when you modify the default Admin Server Name during domain configuration.The workaround is to use the default Admin Server Name (default: "AdminServer").
Severity: Warning
Rationale: Administration
Description: When using Oracle WebLogic Tuxedo Connector with Oracle WebLogic Server 9.2, the FML/FML32 buffers that are converted to XML present the fields in a random sequence.
Severity: Warning
Rationale: Development
Description: When using Oracle WebLogic Tuxedo Connector with Oracle WebLogic Server 9.2, the FML/FML32 buffers that are converted to XML present the fields in a random sequence.This problem, described in Oracle Bug 8093601, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: weblogic.socket.MaxMessageSizeExceededException received for T3 clients as T3 max message size could not be changed on clients.
Severity: Warning
Rationale: Subsystem Outage
Description: weblogic.socket.MaxMessageSizeExceededException received for T3 clients as T3 max message size could not be changed on clients.This problem, described in Oracle Bug 8071036, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Because of an issue in the EJB container, the Work Manager configured for a Message-Driven Bean was not used in some cases. As a result, specific settings on the configured WorkManager, such as a MaxThreadConstraint, did not take affect. This problem is now resolved.
Severity: Warning
Rationale: Development
Description: Because of an issue in the EJB container, the Work Manager configured for a Message-Driven Bean was not used in some cases. As a result, specific settings on the configured WorkManager, such as a MaxThreadConstraint, did not take affect. This problem is now resolved.This problem, described in Oracle Bug 8054236, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: Memory leak occurs in JMS thin client when running load tests; objects are not being released properly. This causes OutOfMemory errors on both the client and server side.
Severity: Critical
Rationale: Administration
Description: Memory leak occurs in JMS thin client when running load tests; objects are not being released properly. This causes OutOfMemory errors on both the client and server side.This problem, described in Oracle Bug 8099016, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Instances of com.bea.wcp.sip.engine.server.LocalCallStateManager$CallState are not cleaned up when a UA sends a BYE before responding to a re-INVITE.This may occur if a UA hangs up (sends a BYE) before it has sent an OK response to a re-INVITE. Oracle WebLogic SIP Server may erroneously wait forever for the OK. - > INVITE< - 100 Trying< - 180 Ringing< - 200 OK - > ACK< - INVITE - > 100 Trying - > BYE (For ACK)< - 200 OK (For BYE)If the UA sends a BYE before responding to the re-INVITE, these call state instances are never destroyed. Over time, this may causes a memory leak of tens of megabytes.If the 100 Trying is not sent, then the re-INVITE times out with a 408 response; thus, dropping the sessions and not creating a memory leak.
Severity: Critical
Rationale: Server Outage
Description: On an HP-UX platform, when an I/O operation on a File Descriptor is canceled, the socket is not being properly cleaned. This causes a File Descriptor leak, which will eventually result in an OutOfMemoryError.
Severity: Critical
Rationale: Server Outage
Description: On HP-UX platform, when an I/O operation on a File Descriptor is canceled, the socket is not being properly cleaned. This causes a File Descriptor leak, which will eventually result in an OutOfMemoryError.This problem, described in Oracle Bug 8069912, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Server Outage
Description: A memory leak occurs with distributed garbage collection. On the server side, once all RMI clients are disconnected and the remote object is unbound from the RMI service, client code java.rmi.server.Unreferenced.unreferenced method is not being invoked as expected.
Severity: Minor Warning
Rationale: Administration
Description: A memory leak occurs with distributed garbage collection. On the server side, once all RMI clients are disconnected and the remote object is unbound from the RMI service, client code java.rmi.server.Unreferenced.unreferenced method is not being invoked as expected.This problem, described in Oracle Bug 8168050, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Message bridge does not forward messages after server restart via console until it (message bridge) is restarted again.This problem, described in Oracle Bug 8131966, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When messages are sent to a destination that was configured with a JMS quota, and that quota has been reached, messages will be inadvertently getting to the list of Pageable messages. This results in a memory leak because the messages are retained on the list of Pageable messages until the server is restarted.
Severity: Minor Warning
Rationale: Administration
Description: When messages are sent to a destination configured with a JMS quota and that quota is met, messages are inadvertently added to the list of Pageable messages. This results in a memory leak because the messages are retained on the list of Pageable messages until the server is restarted.This problem, described in Oracle Bug 8097206, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: If a Web Service uses a JMS Transport, and clients send multiple messages to the Web Service, messages are processed serially, using the same thread. This results in a backlog of received messages sitting in the queue, which then affects application performance.
Severity: Warning
Rationale: Administration
Description: Under high load, messages may become stuck in JMS queues. The JMS messages remain in a state of "receive," and the messages are still not delivered to the Error Dest, even after some hours. Upon a server restart, the messages are redelivered successfully.MessagingKernel debug analysis reveals that the messages stuck in the JMS Queue(s) failed to be unacknowledged by Oracle WebLogic Server, with the following error:Debug> <MessagingKernel> <000000> <Error rolling back received message: weblogic.messaging.kernel.KernelException: Message has already been acknowledgedweblogic.messaging.kernel.KernelException: Message has already been acknowledged at weblogic.messaging.kernel.internal.QueueImpl.negativeAcknowledgeInternal(QueueImpl.java:1314)...
Severity: Critical
Rationale: Subsystem Outage
Description: If a Business Service file is moved across NFS-mounted directories, it is failing with:<Jul 12, 2007 11:03:12 AM CEST> <Error> <WliSbTransports> <BEA-381210> <File cannot be moved from location XXXX to the stage directory. Current Process may not have permission to do this operation.>.This known Java limitation, described in Oracle Bug 8164983, has been fixed in Oracle Service Bus 2.6. The fix is included in Oracle Service Bus 3.0.
Severity: Warning
Rationale: User Viewable Errors
Description: According to RFC 4006, clause "8.41. Requested-Action AVP" the following values are defined. DIRECT_DEBITING 0 REFUND_ACCOUNT 1 CHECK_BALANCE 2 PRICE_ENQUIRY 3The values in class "com.bea.wcp.diameter.cc.CreditControl" are implemented with the following values: // Requested-Action AVP values public static final int DIRECT_DEBITING = 0; public static final int REFUND_ACCOUNT = 1; public static final int CHECK_BALANCE = 3; public static final int PRICE_ENQUIRY = 4;So, there is a mismatch for CHECK_BALANCE=3 and PRICE_ENQUIRY=4, which should be CHECK_BALANCE=2 and PRICE_ENQUIRY=3.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When only a Ro Application is configured, the Diameter CER is missing the "Supported-Vendor-ID" AVP.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When a PRACK is sent, the Tag parameter in the To: header is missing.
Severity: Warning
Rationale: Not Complying with Specifications
Description: For some Web applications, Execution High times and Low times are listed, but average execution times all show '0'.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Under AIX 5.2/5.3 no runtime statistics appear in the console under the monitoring/statistics tab for a given JDBC data source.
Severity: Warning
Rationale: Administration
Description: When running on AIX 5.2/5.3, no runtime statistics appear in the console under the monitoring/statistics tab for a given JDBC DataSource.This problem, described in Oracle Bug 8136000, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: When a thread attempts to get a connection from the MultiDataSource, the connection attempt fails even if one member of the DataSource in the MultiDataSource is available.This exception occurs:java.sql.SQLException: Internal error: Cannot obtain XAConnection Creation ofXAConnection for pool MDS01 failed after default wait time configured forpool: java.lang.NullPointerException atweblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1325) at weblogic.jdbc.jta.DataSource.getConnection(DataSource.java:441) at weblogic.jdbc.jta.DataSource.connect(DataSource.java:397) ...
Severity: Minor Warning
Rationale: Administration
Description: MultiDataSources were all being treated as participating in transactions, even if the individual DataSources they contained were not.This problem, described in Oracle Bug 8104027, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: MultiDataSources were all being treated as participating in transactions, even if the individual DataSources they contained were not.
Severity: Warning
Rationale: User Viewable Errors
Description: If a server name includes multibyte characters, it displays as garbled text in JNDI Tree page. The server name to give JNDI Tree page is not URLencoded. If the parameter is URLencoded, JNDI Tree page is displayed correctly.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The multicast address must be between 224.0.0.0 and 239.255.255.255.
Severity: Warning
Rationale: Subsystem Outage
Description: Online help can be generated and stored in a multi-language index. However, the user cannot filter unnecessary result sets, so the search results include all of the translated versions of the page.That is because the index has entries that point to all the translated pages, regardless of the user language.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When the Oracle WebLogic SIP Server receives an INVITE with multiple Contact headers, a "100 trying" is sent back to the UAC instead of the expected "400 Bad Request," and the following error occurs:Error> <WLSS.Transport> <BEA-330608> <Socket errorjava.lang.IllegalArgumentException: Multiple Contacts in SIP request at com.bea.wcp.sip.engine.server.SipSessionImpl.getRemoteUri(SipSessionImpl.java:342) .........
Severity: Warning
Rationale: Not Complying with Specifications
Description: The weblogic.jms.extensions.WLMessageProducer.send(jmsMessage) causes the client application to hang when the following circumstances occur at the same time:* WLMessageProducer.setUnitOfOrder("example1") was set before the application called wlMessageProducer.send(message)* The distributed destination for the message contained DistributedDestinationBean.setUnitOfOrderRouting("PathService") instead of the default "Hash"* An exception occurred when using the path service. This could be attributed to a network problem or the server not being rebooted.
Severity: Critical
Rationale: Subsystem Outage
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518) weblogic.work.ExecuteThread.execute(ExecuteThread.java:207) weblogic.work.ExecuteThread.run(ExecuteThread.java:179)The thread is RUNNABLE and holds the lock on a MessageHandle.
Severity: Minor Warning
Rationale: Administration
Description: Many threads get blocked on weblogic.messaging.kernel.internal.MessageHandle.waitForPaging(MessageHandle.java:474)The block is as a result of waiting for the Paging on MessageHandle(s) to finish.The particular thread that appears to be holding the lock is: "[ACTIVE] ExecuteThread: '303' for queue: 'weblogic.kernel.Default (self-tuning)'" RUNNABLE weblogic.messaging.kernel.internal.PagingImpl.run(PagingImpl.java:455) weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run (ServerWorkManagerImpl.java:518)The thread is RUNNABLE and holds the lock on a MessageHandle.This problem, described in Oracle Bug 8112849, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When using -Dweblogic.system.iiop.reconnectOnBootstrap=true on IIOP client, IIOP sockets are created/closed per creating InitialContext. However, weblogic.iiop.MuxableSocketIIOP remains in sockets in SocketMuxer. As a result, an OutOfMemoryError occurs on the IIOP client.
Severity: Minor Warning
Rationale: Administration
Description: When authenticating to a Web service through a Java client, the NOT GROUP role condition is not resolved correctly. When a user is assigned to a group that is affected by the incorrect NOT GROUP role condition, Oracle WebLogic Server erroneously associates the user with the NOT GROUP role. When authentication is done through the login page, the NOT GROUP condition is resolved correctly and the user is not associated with the NOT GROUP role.
Severity: Minor Warning
Rationale: Administration
Description: Missing Null check in the WebService Builder code is causing a NullPointerException during the deployment time.
Severity: Warning
Rationale: Subsystem Outage
Description: Missing Null check in the WebService Builder code is causing a NullPointerException during the deployment time.This problem, described in Oracle Bug 8108165, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: During the server startup the performance pack or native IO should be loaded if NativeIOEnabled switch is turned on. If this does not occur, usually the library path is not set correctly or the user rights for the directory or performance pack library file are not set properly.
Severity: Warning
Rationale: Performance
Description: Currently, you cannot specify the socket connect timeout while creating a new SSL socket. Having the ability to specify this timeout, rather than relying on the default OS timeout value, will result in faster bailout if the remote server is not available.
Severity: Minor Warning
Rationale: Administration
Description: If a work manager has been configured to use different values for the MinThreadsConstraint and MaxThreadsConstraint properties, the PendingUserRequestCount could be a negative value, and many NullPointerExceptions may be written to the server log after a high load.
Severity: Minor Warning
Rationale: Administration
Description: If Oracle WebLogic Server SIP Server receives a diameter CCA message that does not contain a session ID, then the method "rcvMessage(Message msg)" is not called for any "Ro Applications" that implemented the interface com.bea.wcp.diameter.SessionListener.
Severity: Warning
Rationale: Not Complying with Specifications
Description: A missing exception check after JNI calls can lead to a core dump, which may cause Oracle WebLogic Server to crash.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server application servers may crash with a core dump. A missing exception check after JNI calls can lead to a core dump.This problem, described in Oracle Bug 8136438, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: 1) Create a "Monitor" user and log on using it.2) Click on the button "Take Lock" [Note "Monitors" cannot change things in the console].3) There is no error on the console page.
Severity: Minor Warning
Rationale: Administration
Description: There is no mechanism to validate incoming SOAP requests from an untrusted client. The validation should be carried out against the XML schema specified in the types node of a Web Service Definition Language (WSDL).
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: There is no mechanism to validate incoming SOAP requests from an untrusted client. The validation should be carried out against the XML schema specified in the types node of a Web Service Definition Language (WSDL).This problem, described in Oracle Bug 7896451, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: weblogic.store.Admin is a utility to administer JMS stores.The utility weblogic.store.Admin ships with Oracle WebLogic Server 9.1 but is not supported.The command documentation is available viajava weblogic.store.Admin helporjava weblogic.WLSTType ?helpstore()? at the command prompt
Severity: Minor Warning
Rationale: Administration
Description: In the Service Provider (SP) in Oracle WebLogic Server 9.1.1 and 9.2.0, if any identity provider (IdP) partners have virtual users and/or process attributes set to "true," then the SAML authentication provider must also be configured. However, if this is not configured, no warning message is displayed, and virtual users and process attributes do not work properly.
Severity: Minor Warning
Rationale: Administration
Description: For servers running on Linux, the Node Manager shutdown process does not release any bound addresses.
Severity: Warning
Rationale: User Viewable Errors
Description: The following fatal error occurs if the path to the NodeManager libraries is not set prior to starting the NodeManager: <SEVERE> <Fatal error in node manager server> weblogic.nodemanager.common.ConfigException: Native version is enabled but node manager native library could not be loaded at weblogic.nodemanager.server.NMServerConfig.initProcessControl(NMServerConfig.java:212) at weblogic.nodemanager.server.NMServerConfig.<init>(NMServerConfig.java:172)...
Severity: Critical
Rationale: Server Outage
Description: When non-persistent messages with a unit-of-order were forwarded through an imported destination configured with the at-most-once, non-persistent override option, messages were delivered out of order.Workaround or Solution:The messages are now delivered in the correct order.
Severity: Warning
Rationale: Subsystem Outage
Description: If there is a pinned EJB on a single node of the cluster and an application is targeted at the cluster to access this EJB, it may cause the JNDI lookup failure of the EJB that is deployed to only a single managed server.A deployment that targets an application to the whole cluster, rather than to individual servers in the cluster, is known as a "homogeneous deployment." The deployment of an EJB component to an individual server is known as "non-homogeneous deployment." Oracle supports non-homogeneous deployment only if all classes of the EJB component on all the nodes in the cluster are deployed.
Severity: Warning
Rationale: User Viewable Errors
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: Unable to monitor the MDB Durable Subscriber in the Oracle WebLogic Server Administration Console.
Severity: Minor Warning
Rationale: Development
Description: For example, if you:1. Create a desktop 'mydesktop'.2. In the library, create book 'mybook' and page 'mypage'.3. Add 'mybook' in 'mydesktop'.4. Create a role 'myrole' in Delegated Administraion (DA) and associate a user 'myuser' to it.5. Set 'can manage instance' on 'mybook' within the desktop to 'myrole'.6. Set 'Create/Remove Instances' on 'mypage' available into the library.When 'myuser' logs in the PAT and tries to add 'mypage' to 'mybook', access is disallowed to 'mypage' (when selecting show all pages).To workaround change the 'Create/Remove Instances' capability on 'mypage' to the 'manage definition' capability. This may not be suitable if the DA can then modify 'mypage' in the library.Note: The issue occurs also if you want to add a book instead of a page.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The Delegated Administrator can modify a page in the library. The problem, described in Oracle Bug 8166307, is fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If multiple NodeManager instances are running on the same box, a race condition can result.Although the Managed Server instances will start-up okay, a "EditNotEditorException: Not edit lock owner" will be seen:This will be seen if both NodeManager instances are running and listening at the same port number when the Managed Server is started.
Severity: Warning
Rationale: User Viewable Errors
Description: Using the Oracle WebLogic Server console to deploy a Jolt pool on cluster, no sessions are established on Oracle Tuxedo server.Deploying the same Jolt pool on some servers of the cluster, the sessions are correctly established with Tuxedo.Cause: When target is cluster an error on Oracle Tuxedo jolt classes fixed by Oracle Bug 8053849.Resolution: This issue, described in Oracle Bug 8053849, is fixed on Tuxedo 9.1 patch 61.
Severity: Warning
Rationale: Subsystem Outage
Description: In Oracle WebLogic Server 9.2, a Web Services client runtime NullPointerException may occur inweblogic.wsee.bind.internal.FormQualifiedHelper.getPropertyForElement(). This can occur if the source Web Service Definition Language (WSDL) contains an anonymous type as a referenced fault element. This same source WSDL works without runtime issues in Oracle WebLogic Server 8.1, Websphere 6.0.2, Websphere 6.1, Artix 4.2, and JBoss 4.0.3.
Severity: Critical
Rationale: Not Complying with Specifications
Description: A NullPointerException can occur in a Managed Server when Oracle WebLogic Server uses java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(). For example, this can occur when Oracle WebLogic Server is logging, using WLLogRecord.Server log shows:<Jun 11, 2007 6:33:01 PM EDT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed java.lang.NullPointerException.java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputStream.java:1941) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream.java:1812) ...
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException can occur in a managed server when Oracle WebLogic Server uses java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength().Server log shows:ExecuteRequest failed java.lang.NullPointerException.java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputStream.java:1941) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream.java:1812) at java.io.ObjectOutputStream.writeUTF(ObjectOutputStream.java:816) at weblogic.logging.WLLogRecord.writeExternal(WLLogRecord.java:257) ...This problem, described in Oracle Bug 8156269, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException can occur in a managed server when Oracle WebLogic Server uses java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(). For example, this can occur when Oracle WebLogic Server is using WLLogRecord.The server log contains:<Jun 11, 2007 6:33:01 PM EDT> <Error> <Kernel> <BEA-000802> <ExecuteRequest failed java.lang.NullPointerException.java.lang.NullPointerException at java.io.ObjectOutputStream$BlockDataOutputStream.getUTFLength(ObjectOutputStream.java:1941) at java.io.ObjectOutputStream$BlockDataOutputStream.writeUTF(ObjectOutputStream.java:1812) ...>This problem, described in Oracle Bug 8156269, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: For Oracle WebLogic Server 9.2 Maintenance Pack 1, when primKeyClass attribute is deleted from the @Entity annotation for an entity bean,a crash-web window pops up with the following exception:java.lang.NullPointerException at com.bea.wls.ejbgen.GeneratedFileInfo.init(GeneratedFileInfo.java:115) at com.bea.wls.ejbgen.GeneratedFileInfo.<init>(GeneratedFileInfo.java:47) ...
Severity: Minor Warning
Rationale: Administration
Description: Customers report that a NullPointer Exception is thrown when trying to access an application that is deployed as a hot deployment.java.lang.NullPointerExceptionat javelin.java.typesystem.ParamType.equalsNonRecursive(ParamType.java:502) at javelin.java.typesystem.Method.paramsEqual(Method.java:318) at javelin.java.typesystem.Method.equals(Method.java:336)
Severity: Minor Warning
Rationale: Development
Description: The SQL query 'select x,y from mytable where x = ?' causes a nullPointerException if the runtime parameter value is null. A non-null value is expected in the query.
Severity: Warning
Rationale: User Viewable Errors
Description: The SQL query 'select x,y from mytable where x = ?' causes a nullPointerException if the runtime parameter value is null. A non-null value is expected in the query.This problem, described in Oracle Bug 8091359, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: You get a NullPointerException from the embedded LDAP in the admin server log while starting managed servers in a domain where the domain wide administration port is enabled.<Dec 11, 2007 10:38:41 AM IST> <Critical> <EmbeddedLDAP> <000000><java.lang.NullPointerException at weblogic.socket.SocketMuxer.deliverExceptionAndCleanup(SocketMuxer.java:715) at weblogic.socket.SocketMuxer.deliverEndOfStream(SocketMuxer.java:684) at weblogic.ldap.MuxableSocketLDAP$LDAPSocket.close(MuxableSocketLDAP.java:118) ...
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException from ByNameRuntimeBindingType.java occurs in the client while the client is receiving a SOAP response from a Web service invocation. The Web service side completes the invocation and sends the response. However, at the client end, this SOAP message is deserialized and is not read properly.
Severity: Warning
Rationale: User Viewable Errors
Description: A NullPointerException from ByNameRuntimeBindingType.java occurs in the client while the client is receiving a SOAP response from a WebService invocation. The Web service side completes the invocation and sends the response. However, at the client end this SOAP message is deserialized and so not read properly.This problem, described in Oracle Bug 8166222, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Running with Oracle JRockit 1.5.0_08(R27.1.0) and getting a NullPointerException in java.nio.DirectByteBuffer._get()Following is the stack trace along with the NPE thrown,java.lang.NullPointerException:java.nio.DirectByteBuffer._get(Unknown Source)java.nio.Bits.getIntL(Unknown Source)java.nio.Bits.getInt(Unknown Source)java.nio.HeapByteBuffer.getInt(Unknown Source)
Severity: Warning
Rationale: Administration
Description: During undeployment, MDBs are not unregistered from the migration service, causing a NullPointerException to occur during JMS migration.
Severity: Warning
Rationale: Administration
Description: During undeployment, MDBs are not unregistered from the migration service, causing a NullPointerException to occur during JMS migration.This problem, described in Oracle Bug 8061209, has been fixed in Oracle WebLogic Server 9.1.
Severity: Minor Warning
Rationale: Administration
Description: Calling JwsContext.getProtocol() and JwsContext.getService() from a service control callback handler triggers a NullPointerException from the JWS container.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: While marshalling the response of a Web Service call, the following NullPointerException occurs:java.lang.NullPointerExceptionat com.bea.staxb.runtime.internal.MarshalResult.addXsiTypeAttribute(MarshalResult.java:166)...The issue is at the Client side when attempting to marshal the Request Object when the ComplexType contains a type of 'xs:anyType':Web Service Definition Language (WSDL): <xs:complexType name='EventType'> <xs:element name='payload' type='xs:anyType'/> </xs:sequence>JavaClient: EventType event = new EventType(); event.setPayload('payload');If 'event.setPayload('payload');' is NOT invoked on the Client side, then the WebSe4rvice Request is successful.
Severity: Warning
Rationale: Administration
Description: While marshalling the response of a Web Service call, the following Exception occurs:java.lang.NullPointerExceptionat com.bea.staxb.runtime.internal.MarshalResult.addXsiTypeAttribute(MarshalResult.java:166)...The issue occurs when the client attempts to marshal the Request Object when the ComplexType contains a type of 'xs:anyType':Web Service Definition Language (WSDL): <xs:complexType name='EventType'> <xs:element name='payload' type='xs:anyType'/> </xs:sequence>JavaClient: EventType event = new EventType(); event.setPayload('payload');If 'event.setPayload('payload');' is NOT invoked on the Client side, the WebService Request is successful.This problem, see Oracle Bug 8159206, is fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException occurs in the Managed Server SAF (Store and Forward) monitoring page when the Managed Server is not running. The following error is logged:<Error> <Console> <user01> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <system> <> <> <1191215084469> <BEA-240003> <Consoleencountered the following error Unexpected exception occured in page flowrequest processor:java.lang.NullPointerException at com.bea.console.actions.core.server.ServerMonitoringSafAction.execute(ServerMonitoringSafAction.java:84)
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException occurs when the JSP compiler is used to compile HTML files with JSP tags. Only the HTML compiler can successfully compile these files.Example NullPointerException: java.lang.NullPointerException at javelin.SourceFile.compileGeneratedFiles(SourceFile.java:709) at javelin.ProxySourceFile.codeGen(ProxySourceFile.java:249) at javelin.SourceFile.codeGen(SourceFile.java:310) at javelin.client.ClientUtilsImpl$CodeGenJob.run(ClientUtilsImpl.java:1105) at javelin.client.Job.performJob(Job.java:81) at javelin.client.ThreadPool$WorkerThread.run(ThreadPool.java:215)
Severity: Warning
Rationale: Administration
Description: When you navigate the file structure to deploy an application and, if some of the directories in the file structure do not have Read access, the Administration Console used to raise NullPointerException instead of displaying a message that says no files are selectable.
Severity: Minor Warning
Rationale: Administration
Description: A NullPointerException is reported by JWSC (Java Web Service compiler) if portName in the implementation class does not match with the portName in Web Service Definition Language (WSDL).Sample error message:java.lang.NullPointerExceptionat weblogic.wsee.tools.anttasks.JwscTask.execute(JwscTask.java:190)at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:275)at org.apache.tools.ant.Task.perform(Task.java:364)at org.apache.tools.ant.Target.execute(Target.java:341)at org.apache.tools.ant.Target.performTasks(Target.java:369)at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1216)at org.apache.tools.ant.Project.executeTarget(Project.java:1185)...
Severity: Warning
Rationale: Development
Description: Customize table page for JMSServer monitoring throws:java.lang.NoSuchMethodException: Unknown property 'messagesHighCount'when "Messages High" is selected from Available to Chosen and Apply button is clicked.
Severity: Warning
Rationale: User Viewable Errors
Description: If a Managed Server instance looks for a Container-Managed Persistence (CMP) EJB that has just been created on another Managed Server instance, a findByPrimaryKey call will fail.Even though the record will exist in the database, the CMP bean will not be found, with an ObjectNotFoundException encountered:javax.ejb.ObjectNotFoundException: Bean with primary key '12345' was not found by 'findByPrimaryKey'.The same findByPrimaryKey call by the Managed Server on which the EJB has been created will be successful.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If a managed server instance looks for a Container-Managed Persistence (CMP) EJB that has just been created on another managed server instance, a findByPrimaryKey call will fail.Even though the record will exist in the database, the CMP bean will not be found, with an ObjectNotFoundException encountered:javax.ejb.ObjectNotFoundException: Bean with primary key '12345' was not found by 'findByPrimaryKey'.The same findByPrimaryKey call by the managed server on which the EJB has been created will be successful.This problem, described in Oracle Bug 8074427, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: On Linux platforms, a stuck thread can occur at com/certicom/tls/record/WriteHandler.flushOutput().Resolution:SSL sockets are now closed correctly on Linux when the CompleteMessageTimeout triggers.
Severity: Minor Warning
Rationale: Administration
Description: The operator user is unable to stop a managed server due to a JDBC unprepare error:Unable to unprepare application '...'.The exception thrown is:weblogic.common.resourcepool.ResourcePermissionsException: User "OperatorUser" does not have permission to perform operation "admin" on resource "testPool" of module "null" of application "null" of type "ConnectionPool"
Severity: Minor Warning
Rationale: Administration
Description: The operator user is unable to stop a managed server due to a JDBC unprepare error:Unable to unprepare application '...'.The exception thrown is:weblogic.common.resourcepool.ResourcePermissionsException: User "OperatorUser" does not have permission to perform operation "admin" on resource "testPool" of module "null" of application "null" of type "ConnectionPool"This problem, described in Oracle Bug 8144568, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: The operator user is unable to stop a managed server due to a JDBC unprepare error:Unable to unprepare application '...'.The exception thrown is:weblogic.common.resourcepool.ResourcePermissionsException: User "OperatorUser" does not have permission to perform operation "admin" on resource "testPool" of module "null" of application "null" of type "ConnectionPool"
Severity: Minor Warning
Rationale: Administration
Description: The operator user is unable to stop a managed server due to a JDBC unprepare error:Unable to unprepare application '...'.The exception thrown is:weblogic.common.resourcepool.ResourcePermissionsException: User "OperatorUser" does not have permission to perform operation "admin" on resource "testPool" of module "null" of application "null" of type "ConnectionPool"This problem, described in Oracle Bug 8087668, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 4.
Severity: Minor Warning
Rationale: Administration
Description: EJB batch enabling for Oracle uses some Oracle-specific non-standard JDBC methods while creating prepared statements. If these statements are cached in the pool, the non-standard behavior of these statements remains for any subsequent user. One chief symptom is that a subsequent standard update call that should succeed, will return 0.A specific test scenario causes an OptimisticConcurrencyException despite there is no other access to the involved entities.Exception:weblogic.ejb.OptimisticConcurrencyException: [EJB:010143]Optimistic concurrency violation.The problem, described in Oracle Bug 8069311, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: EJB batch enabling for Oracle uses some Oracle-specific non-standard JDBC methods while creating prepared statements. If these statements are cached in the pool, the non-standard behavior of these statements remains for any subsequent user. One chief symptom is that a subsequent standard update call that should succeed, will return 0, meaning no row was updated. In fact the call is never sent to the DBMS but is batched in the statement, waiting for a special batch call, or many more executeUpdate() calls until the non-standard set batch number is reached.Exception:weblogic.ejb.OptimisticConcurrencyException: [EJB:010143]Optimistic concurrency violation.
Severity: Warning
Rationale: User Viewable Errors
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: When using Oracle JRockit 1.5.0_04 in a Oracle WebLogic Server domain with RFID Enterprise 2.0, the server may hang during startup. This problem with slow startup occurs only if the default Java heap settings have been modified (for example, when specifying a setting such as -Xmx1024mb). If the heap settings have been modified, up to 99 percent of the CPU memory may be utilized during startup.This problem does not happen with Oracle JRockit 1.5.0_06.
Severity: Critical
Rationale: Server Outage
Description: Oracle JRockit 5.0 - file.encoding does not work on Linux - instead the default system settings are usedIn java versions prior to 5.1 (or 1.5), the system property -D file.encoding defined an encoding that will be used by FileReader / FileWriter. This is still true for Sun Hotspot 1.5 and also for Oracle JRockit 5.0 on Windows.However, on Linux, setting the system property -Dfile.encoding does not have any effect on FileReader / FileWriter They take their encoding from the system default settings.This problem only happens on Linux - not on Windows.
Severity: Warning
Rationale: Administration
Description: In Oracle JRockit R26 versions earlier than R26.4 on Windows operating systems, Oracle JRockit can expose a problem in the OS related to multimedia timers that causes the system time to be adjusted backwards.This can cause the system time to jump back by about 1 minute. If this happens, you can turn off the use of multimedia timers with -Djrockit.periodictask.usemmtimers=false, otherwise upgrade to R26.4 or later.
Severity: Warning
Rationale: Administration
Description: For JRockit releases R26.4 and R27, if a thread was interrupted for garbage collection while it was in the process of copying an array, then the garbage collection may result in very long pauses.
Severity: Warning
Rationale: Performance
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: Oracle does not support Oracle JRockit running on the ELhugemem kernel.The ELhugemem kernel had been intended as a stopgap measure until 64-bit kernels, which are a better choice, became readily available. An example of problems with the ELhugemem kernel is 5-10 percent performance loss under normal I/O and even greater performance degradation when more calls are made into the kernel (for example, heavy I/O).
Severity: Warning
Rationale: Not Complying with Specifications
Description: In Oracle Service Bus, stuck threads can occur when processing xQueries, when CachingFactory.createEnginge() performs a HashMap.getEntry().This problem, described in Oracle Bug 8144110, has been fixed in Oracle Service Bus 3.0, which requires Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Server Outage
Description: In DATSU format (the new standard for financial data interchange between companies and many public organisations), one field is a repeating node that is deeply nested in the document hierarchy. This causes a loop in the Message Format Language (MFL) engine, generating a performance issue.
Severity: Warning
Rationale: Performance
Description: In DATSU format (the new standard for financial data interchange between companies and many public organisations), one field is a repeating node that is deeply nested in the document hierarchy. This causes a loop in the Message Format Language (MFL) engine, generating a performance issue.This problem, described in Oracle Bug 8092408, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Performance
Description: In Oracle Service Bus, stuck threads can occur when processing xQueries, when CachingFactory.createEnginge() performs a HashMap.getEntry().
Severity: Critical
Rationale: Server Outage
Description: In WebLogic Integration 8.1 Maintenace Pack 5, the JPD instances are not rolled back on transaction timeout, but continue running past the transaction timeout value.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Integration 9.2 runs out of Java heap memory, which results in an Out of Memory error in the Oracle WebLogic Server Administration Console.The following error message is displayed:"java.lang.OutOfMemoryError: Java heap space"
Severity: Critical
Rationale: Server Outage
Description: In the WYSIWYG editor in Oracle WebLogic Portal 9.2 Administration Console, if you want to change the text color or the background color, the small popup window displaying all colors is hidden by the right window border. You will then be unable to select the hidden colors.Resolution:Apply patches for Oracle Bug 8093016. 9.2.0.0
Severity: Y7Q4
Rationale: 3LDHULYY
Description: In the WYSIWYG editor in the Oracle WebLogic Portal 9.2 Administration Console, if you want to change the text color or the background color, the small pop-up window displaying all colors is hidden by the right window border. You will then be unable to select the hidden colors.Resolution: Apply patches for Oracle Bug 8093016. 9.2.0.0
Severity: Y7Q4
Rationale: 3LDHULYY
Description: Oracle WebLogic Server RFID Enterprise Server 2.0 is only supported by Oracle WebLogic Server 9.2 and later.
Severity: Minor Warning
Rationale: Administration
Description: In a replicated environment, Oracle WebLogic SIP Server is retransmitting more "200 OK" and "487 Request Terminated" than expected. There is no 408 request timeout sent after 64*T1 based on RFC 3261 section 17.1.1.2.
Severity: Warning
Rationale: Not Complying with Specifications
Description: In a complex domain with multiple managed servers and JMS components, Oracle WebLogic Server 9.2 can take more than 40 minutes to configure the domain with the Oracle WebLogic Scripting Tool (WLST) offline. With WLST online, it finishes within a minute. Oracle WebLogic Server 8.1 takes less than a minute to achieve the same as well.To improve performance, a new system property is introduced that disables the maintenance of JMS backward compatibility. With the use of the system property ('disable.jms.backward.compatibility'), it stops maintaining backward compatibility. This means old JMS objects may not be accessible or in sync with the JMSSystemResource. Any further change will need to be made through the SystemResource objects.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Scripting Tool fails to throw exceptions as expected upon error.
Severity: Minor Warning
Rationale: Development
Description: When running the WLRT demo application on Oracle WebLogic Server 9.1 with JRockit, if you are using a large number of threads to stress the application, Oracle WebLogic Server deadlocks after a period of time.Investigation found that the threads where spinning in HashMap.put, which is called by HashSet.add. The same HashSet is used from several threads without synchronization, which results in that the HashMap getting broken. The threads are spinning since the linked list of objects in the map form a circular list.
Severity: Warning
Rationale: Administration
Description: When running the WLRT demo application on Oracle WebLogic Server 9.1 with JRockit, if you are using a large number of threads to stress the application, Oracle WebLogic Server deadlocks after a period of time.Investigation found that the threads where spinning in HashMap.put, which is called by HashSet.add. The same HashSet is used from several threads without synchronization, which results in that the HashMap getting broken. The threads are spinning since the linked list of objects in the map form a circular list.This problem, described in Oracle Bug 8067824, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.2, when there is an active transaction on a thread that has not been committed or rolled back, the web container does not abort the transaction when the servlet execution is complete.
Severity: Critical
Rationale: Not Complying with Specifications
Description: In Oracle WebLogic Server 9.2, when there is an active transaction on a thread that has not been committed or rolled back, the web container does not abort the transaction when the servlet execution is complete.This problem, described in Oracle Bug 8140851, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server response was slow when concurrent requests were sent using a .NET client.This problem has been resolved. Oracle WebLogic Server sends "100-continue response" code immediately on receiving Expect Header if auth-method has been defined as FORM-based or undefined in the web application's deployment descriptor.
Severity: Minor Warning
Rationale: Performance
Description: Oracle WebLogic Server response was slow when concurrent requests were sent using a .NET client.This problem has been resolved. Oracle WebLogic Server sends "100-continue response" code immediately on receiving Expect Header if auth-method has been defined as FORM-based or undefined in the web application's deployment descriptor.This problem, described in Oracle Bug 8105659, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Performance
Description: Depending on the timing, during the service migration, the persistent store associated with the JMSServer may get closed before a clean shutdown record is written.
Severity: Warning
Rationale: Subsystem Outage
Description: Oracle WebLogic Server is running on an AIX platform and is configured with IIOP enabled. Please note that the thin client is not supported for this configuration.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: The Oracle thin driver prior to 10.2 does not work with JDK 1.5.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The compare() method of BEMessageComparator raises a ClassCastException, resulting in stuck messages.
Severity: Minor Warning
Rationale: Administration
Description: If a schema used in Oracle Service Bus has recursive nodes, upon stage and edit, a node eventually causes the following OutOfMemoryError:<Apr 19, 2007 7:48:17 AM MDT> <Error> <netuix> <BEA-423147> <Exception [com.bea.portlet.adapter.scopedcontent.ActionLookupFailedException:java.lang.OutOfMemory Error: Java heap space] thrown while trying to do task [handlePostbackData] in class [com.bea.netuix.servlets.controls.content.StrutsContent].com.bea.portlet.adapter.scopedcontent.ActionLookupFailedException: java.lang.OutOfMemoryError: Java heap space...java.lang.OutOfMemoryError: Java heap space>
Severity: Critical
Rationale: Administration
Description: Frequent connection and disconnection to the Oracle WebLogic Server JMS distributed queue by a client application results in an OutOfMemory exception, after some hours (in this case 4 to 5 hours).This problem, described in Oracle Bug 8292535, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: An OutOfMemory error occurs when using a number of distributed queues (in this case, 40 queues) with Oracle WebLogic Server 9.1 or 9.2 through Maintenance Pack 3. When a receiver client frequently connects and disconnects to the JMS distributed queue, an OutOfMemory error occurs after a few hours (in this case four to five hours).
Severity: Warning
Rationale: Administration
Description: Oracle recommends that the rotation type of a server log be set to "bySize", not "byTime". This is because Oracle WebLogic Server creates an indice of various logs for its diagnostic framework and this task requires free heap space as much as the log file size. Server logs tend to be large, so its size should be restricted explicitly to avoid an OutOfMemoryError. The appropriate log file size depends on the free Java heap size. The default value is 500 KB.
Severity: Minor Warning
Rationale: Administration
Description: By default, the JVM heap size of a managed server is 64 megabytes. Note that deploying applications on a managed server with this heap size is likely to result in an OutOfMemory exception.
Severity: Warning
Rationale: Administration
Description: When making an outbound POST request from Oracle WebLogic Server, the value for Transfer-Encoding used to be 'Chunked' instead of 'chunked'. This violated the RFC specification.
Severity: Warning
Rationale: User Viewable Errors
Description: When making an outbound POST request from Oracle WebLogic Server, the value for Transfer-Encoding used to be 'Chunked' instead of 'chunked'. This violated the RFC specification.This problem, described in Oracle Bug 8127403, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When a user does not have PKI credential mapping, but the user belongs to agroup which has PKI credential mapping, retrieval of the credentialsfor this user fails. The change fixed this issue.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When a user does not have PKI credential mapping but does belong to a group which has PKI credential mapping, retrieval of the credentials for this user fails. The change fixed this issue.This problem, described in Oracle Bug 8131634, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When using Oracle WebLogic Integration 9.2 Maintenance Pack 1/Maintenance Pack 2, if input XML contains nested CDATA, parsing of this document results in some missing characters from the original input data.For example, the following line is part of the input XML:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category> ] ] >Parsing results in the following line:< ! [ CDATA [<Category>< ! [ CDATA [ <data>data</data> ] ] ></Category>] ] >Note the two missing characters at the end of the line (after Category '>' becomes '>').
Severity: Minor Warning
Rationale: Administration
Description: Typically, each Oracle patch corresponds to a specific version of Oracle WebLogic Server. Using a patch that is designated for a different version of Oracle WebLogic Server may result in failures or incorrect behavior.
Severity: Warning
Rationale: Administration
Description: When using the Path Service Runtime Bean, or using more than one Path Service in the same domain, the following problems have been encountered:* The Bean name from the JNDI used a period (".")* The names generated for the Beans across clusters in the same domain are not unique
Severity: Warning
Rationale: Subsystem Outage
Description: Benchmarks show major performance improvements when native performance packs are used on machines that host Oracle WebLogic Server instances. Performance packs use a platform-optimized, native socket multiplexor to improve server performance.
Severity: Minor Warning
Rationale: Administration
Description: In general, the Oracle WebLogic Server Type 4 JDBC Driver outperforms the previous version of the driver. However, due to some fixes and enhancements to character set support, the Oracle WebLogic driver currently experiences some performance degradation with the Oracle getAsciiStream() method call.
Severity: Minor Warning
Rationale: Performance
Description: For Oracle WebLogic Server 9.1, monitoring of a large application takes significantly more time than with Oracle WebLogic Server 8.1.Sample scenario:Suppose that you have a large EAR (350 MB) made up of 200 EJBs and 30 web apps.Behavior in Oracle WebLogic Server 9.1:In the "Summary of deployments" menu in the Administration Console, clicking on the EAR initiates building the "tree" of all components; the build takesmore than 60 seconds to complete. Clicking on each individual component of the EAR also produces a response time of more than 60 seconds.
Severity: Warning
Rationale: Subsystem Outage
Description: For Oracle WebLogic Server 9.1, monitoring of a large application takes significantly more time than with Oracle WebLogic Server 8.1. In the "Summary of deployments" menu in the Administration Console, clicking on the EAR initiates building the "tree" of all components; the build takesmore than 60 seconds to complete. Clicking on each individual component of the EAR also produces a response time of more than 60 seconds.Oracle Bug 8088879 has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: If a thread requires a connection from a JDBC pool and no connection is available, the thread must wait until one becomes available. At some point in time, a connection pool in your domain had a number of requests waiting for a connection, which may impact the performance of waiting threads.
Severity: Warning
Rationale: Performance
Description: The use of a prepared statement or callable statement in an application or EJB creates a considerable processing overhead for the communication between the application server and the database server and on the database server itself.To minimize these processing costs, Oracle WebLogic Server can cache the prepared and callable statements that are used in your applications. When an application or EJB calls any of the statements stored in the cache, Oracle WebLogic Server reuses the cached statement. Reusing these statements reduces CPU usage on the database server, which improves the performance of the current statement and leaves the CPU available for other tasks.
Severity: Warning
Rationale: Performance
Description: PermGen space does not appear to be released between deployments. After undeploying an application, the PermGen space appears to be unreleased. This results in an OutOfMemoryError with PermGen space. This problem is more visible with Oracle WebLogic Portal-related application deployments.
Severity: Warning
Rationale: User Viewable Errors
Description: PermGen space does not appear to be released between deployments. This results in an OutOfMemoryError. This problem is more visible with Oracle WebLogic Portal-related application deployments.This problem, described in Oracle Bug 8154661, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: PermGen space does not appear to be released between deployments, resulting in an OutOfMemoryError. This problem is more visible with Oracle WebLogic Portal-related application deployments.This problem, described in Oracle Bug 8168788, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: PermGen space does not appear to be released between deployments, resulting in an OutOfMemoryError. This problem is more visible with Oracle WebLogic Portal-related application deployments.This problem, described in Oracle Bug 8159003, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If the JSP pages are defined with a different extension and the URL pattern is defined in the web.xml deployment descriptor, the JSP files do not get precompiled.
Severity: Minor Warning
Rationale: Development
Description: If the JSP pages are defined with a different extension and the URL pattern is defined in the web.xml deployment descriptor, the JSP files are not precompiled.This problem, described in Oracle Bug 8112045, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Development
Description: In the log of the server where entity beans are deployed the following exception can be found:javax.ejb.EJBException: [EJB:010108]The EJB Lock Manager has received an unlock request from EJB:<ejb-class-name> with primary key:<key-field-name>. However, this primary key could not be found in the Lock Manager. This indicates either an EJB container bug, or the equals and hashCode methods for the primary key class:<key-class>.UserPK are implemented incorrectly. Please check the equals and hashCode implementations. [java] at weblogic.ejb.container.locks.ExclusiveLockManager$LockBucket.unlock(ExclusiveLockManager.java:409) [java] at weblogic.ejb.container.locks.ExclusiveLockManager.unlock(ExclusiveLockManager.java:170)...
Severity: Warning
Rationale: Development
Description: LDAP indexes did not update properly, making it impossible to search on an attribute that had been been added to an entity in embedded LDAP using an external tool or API.
Severity: Warning
Rationale: Subsystem Outage
Description: The WebService Test Client in Oracle WebLogic Server 9.2 Administration Console does not work. (The service does work when contacted from an external source like SOATest.) When the Test Client is clicked, it fails with the following exception:java.lang.RuntimeException: java.lang.NullPointerException at weblogic.testclient.ConnectionState.createWsdl(ConnectionState.java:63)Test Client does not support schema include (xsd:include).Oracle Bug 8142409 is the reference of the fix, which replaces wlstestclient.ear in server/lib.This problem, described in Oracle Bug 8100682, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: Web Service Test Client in Oracle WebLogic Server 9.2 admin console does not work; although, the service does work when contacted from an external source like SOATest. When Test Client is clicked on, it fails with the following exception:java.lang.RuntimeException: java.lang.NullPointerException at weblogic.testclient.ConnectionState.createWsdl(ConnectionState.java:63) at Controller.refreshWsdl(Controller.java:304) at Controller.begin(Controller.java:173) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)...Test Client does not support schema include (xsd:include).Oracle Bug 8142409 is the reference of the fix, which replaces wlstestclient.ear in server/lib.
Severity: Minor Warning
Rationale: Development
Description: The servlet session persistence code is using getBytes() to retrieve large object (LOB) data (the session data). For some drivers, this is sometimes not supported for LOB data. Also, the published Data Definition Language (DDL) for DB2 was incorrect for the intended use. There is a documentation located at Oracle Bug 8104535, to suggest the correct DB2 DDL for this table.
Severity: Minor Warning
Rationale: Administration
Description: The servlet session persistence code is using getBytes() to retrieve large-object (LOB) data (the session data). For some drivers, this is sometimes not supported for LOB data. Also, the published Data Definition Language (DDL) for DB2 was incorrect for the intended use. Documentation proviced in Oracle Bug 8104535 suggests the correct DB2 DDL for this table.This problem, described in Oracle Bug 8096384, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The following error shows repeatedly on each application update/redeploy of a Oracle WebLogic Portal application:"The processing instruction target matching "[xX][mM][lL]" is not allowed. This is due to a known Oracle issue"
Severity: Warning
Rationale: User Viewable Errors
Description: The following error shows repeatedly on each application update/redeploy of a Oracle WebLogic Portal application:"The processing instruction target matching "[xX][mM][lL]" is not allowed. This is due to a known Oracle issue"This problem, described in Oracle Bug 8114983, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When running Oracle WebLogic Server in a production environment, the JSPReloadCheckSecs parameter should be set to optimize performance.The JSPReloadCheckSecs parameter specifies the time interval, in seconds, at which Oracle WebLogic Server checks to see if JSP files have changed and need recompiling. Dependencies are also checked and recursively reloaded if changed. If set to 0, pages are checked on every request. By default, this parameter is set to 0.
Severity: Minor Warning
Rationale: Performance
Description: The server is in production mode, however the ServletReloadCheckSecs parameter has not been set to optimize server performance.The ServletReloadCheckSecs parameter defines whether an Oracle WebLogic Server checks to see if a servlet has been modified, and if it has been modified, reloads it.
Severity: Minor Warning
Rationale: Performance
Description: The domain is running in production mode, but the HostnameVerification property has been disabled. When the HostnameVerification attribute has been disabled, Oracle WebLogic Server no longer ensures that the certificate received from a remote site matches the DNS name when making a remote SSL connection. This leaves the connection vulnerable to a "man in the middle" attack.
Severity: Warning
Rationale: Administration
Description: When running Oracle WebLogic Server in a production environment, the Demo Identity Keystore and DemoTrust Keystore should not be enabled. All of the digital certificates and trusted CA certificates in the Demo Identity Keystore and DemoTrust Keystore are signed by an Oracle WebLogic Server demonstration certificate authority. As a result, all of the Oracle WebLogic Server installations trust each other. This leaves the SSL connections vulnerable to many types of security attacks.
Severity: Critical
Rationale: Server Outage
Description: The include() method of RequestDispatcher saves the request parameters, invokes the "include.jsp" file, and restores the request parameters.If you do not obtain the request parameters before invoking the RequestDispatcher.include() method, the POST data will not be parsed. The request parameters saved before invoking "include.jsp" will be NULL, and when RequestDispatcher restores these NULL parameters, the request parameters will be cleared.When invoking "include.jsp", the POST data will be parsed (only once) in order to get "jsp_precompile" parameter. The parsed parameters will be cleared after RequestDispatcher restores the NULL parameters. As a result, any subsequent JSP or servlet cannot obtain these parameters.
Severity: Minor Warning
Rationale: Development
Description: Router information in the client's RJVM is getting corrupted. Therefore, the managed server is unable to establish connection after restarting. The Java client fails with an exception similar to the following:Closing: weblogic.rjvm.t3.MuxableSocketT3$T3MsgAbbrevJVMConnection@175e058 because of Server expected to route a message received over an uninitialized connection: 'JVMMessage from ...
Severity: Critical
Rationale: Server Outage
Description: Router information in the client's RJVM is getting corrupted. Therefore, the managed server is unable to establish a connection after restarting.The Java client fails with an exception similar containing a string similar to the following:... Closing: weblogic.rjvm.t3.MuxableSocketT3$T3MsgAbbrevJVMConnection@175e058 because of Server expected to route a message received over an uninitialized connection: 'JVMMessage from:This problem, described in Oracle Bug 8093501, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Server Outage
Description: The remote-client-timeout setting is ignored for transactional methods. When remote-client-timeout is configured for a transactional method, the timeout should be obeyed.
Severity: Minor Warning
Rationale: Administration
Description: The remote-client-timeout setting is ignored for transactional methods. When remote-client-timeout is configured for a transactional method, the timeout should be obeyed.This problem, described in Oracle Bug 8039954, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: The RMI-IIOP readResolve method does not work when using IIOP protocol. This is because the implementation of weblogic.utils.io.ObjectStream class does not check whether readResolve and writeReplace methods are defined in the superclass.This problem, described in Oracle Bug 8077067, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Reading an environment variable in a WebLogic Scripting Tool script under Windows 2003 does not work. wls:/offline> import os wls:/offline> sys.version '2.1' wls:/offline> os.environ['WL_HOME'] Failed to get environment, environ will be empty: (0, "Failed to execute command (['sh', '-c', 'env']): java.io.IOException: CreateProcess: sh -c env error=2")
Severity: Minor Warning
Rationale: Subsystem Outage
Description: After a network failure or server down, an asynchronous JMS consumer fails to reconnect to the server even with Reconnect Policy set to 'all'; and the messages sent to the queue do not reach the consumer until the consumer is restarted.
Severity: Minor Warning
Rationale: Administration
Description: After a network failure or server down, an asynchronous JMS consumer fails to reconnect to the server even with Reconnect Policy set to 'all'; and the messages sent to the queue do not reach the consumer until the consumer is restarted.This problem, described in Oracle Bug 8292535, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: After a network failure or server down, an asynchronous JMS consumer fails to reconnect to the server even with Reconnect Policy set to 'all'; and the messages sent to the queue do not reach the consumer until the consumer is restarted.This problem, described in Oracle Bug 8123330, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: The JMS client hangs in a JMSSession/JMSConnection deadlock when there is an asynchronous consumer disconnect due to a peerGoneException.
Severity: Warning
Rationale: Subsystem Outage
Description: The JMS client hangs in a JMSSession/JMSConnection deadlock when there is an asynchronous consumer disconnect due to a peerGoneException.This problem, described in Oracle Bug 8142316, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: If the <context-root> for a Web application is set to "/", the server returns "404 status (Not Found)" during production redeployment for all requests to "/" after the old version of the application has been retired.When the <context-root> for a Web application is set to any value other than "/", this results in the following correct behavior: When two versions of a Web application are deployed, the old session requests are processed by the old version of the application, and the new requests are processed by the new version.
Severity: Minor Warning
Rationale: Development
Description: If a Web application's <context-root> is specified as "/", the server returns "404 status (Not Found)" during production redeployment for all requests to "/" after the old version of the application has been retired.When a Web application's <context-root> is specified as anything but "/", old session requests are processed in the old version, and new session requests are processed in the new version. All requests will be processed in the new version of the application once the old version is retired.This problem, described in Oracle Bug 8057216, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: In a distributed environment, interdomain transactions (such as via Oracle Service Bus) rely on interdomain trust. If interdomain trust has not been configured, the following error message is written to the server log for every transaction:<Error> <Security> <BEA-090513> <ServerIdentity failed validation, downgrading to anonymous.> The error message should be displayed only once.
Severity: Minor Warning
Rationale: Administration
Description: In a distributed environment, interdomain transactions (such as via Oracle Service Bus) rely on interdomain trust. If interdomain trust has not been configured, the following error message is written to the server log for every transaction:<Error> <Security> <BEA-090513> <ServerIdentity failed validation, downgrading to anonymous.> The error message should be displayed only once.This problem, described in Oracle Bug 8078986, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: A RepositoryException can occur for nested Content Management types:"A RepositoryException was thrown: The nested property :type3p3.type2p2.type1p1 does not belong under the container property:type3p3.type2p1. Nested Properties must be put into their proper nesting treebefore assigning to a node."
Severity: Warning
Rationale: Administration
Description: A RepositoryException can occur for nested Content Management types, as follows:"A RepositoryException was thrown: The nested property :type3p3.type2p2.type1p1 does not belong under the container property:type3p3.type2p1. Nested Properties must be put into their proper nesting treebefore assigning to a node."This problem, described in Oracle Bug 8086790, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The problem is related to sending back a not modified (code 304). If the response is not wrapped, everything seems to come back fine. If the response is wrapped with an HttpServletResponseWrapper or a child class, the response from the server does not include a 'Content-Length: 0' header, but instead sends 'Transfer-Encoding: chunked'. This response causes undesirable effects in Firefox (slow processing), but works fine in Internet Explorer.
Severity: Minor Warning
Rationale: Performance
Description: The problem is related to sending back a "not modified" (code 304). If the response is not wrapped, the response returns correctly. If the response is wrapped with an HttpServletResponseWrapper or a child class, the response from the server does not include a 'Content-Length: 0' header, but instead sends 'Transfer-Encoding: chunked'. This response causes undesirable effects in Firefox (slow processing), but works in Internet Explorer.
Severity: Minor Warning
Rationale: Performance
Description: A ResourceAccessException from a JTA sub-system while delivering a message causes the message to stay in the pending state permanently until a server restart.javax.transaction.SystemException: start() failed on resource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01': XAER_RMERR : A resource manager error has occured in the transaction branch weblogic.transaction.internal.ResourceAccessException: Transaction has timed out when making request to XAResource 'WLStore_domain_BUS01_BIZ_FileStore-mgd02BUS01'. at weblogic.transaction.internal.XAResourceDescriptor.startResourceUse(XAResourceDescriptor.java:712)...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If a request to Oracle WebLogic Server is received with an "if-modified-since" header, and resources are not modified on the server side, the Oracle WebLogic Server response contains "Content-Length: 0" header, which is in violation of HTTP specifications.According to RFC 2616 (http://www.w3.org/Protocols/rfc2616/rfc2616.html), a Content-Length header must not be present in the response header.
Severity: Warning
Rationale: Administration
Description: The Oracle WebLogic Server Administration Console should be enhanced to supportWeb service testing. The console provides support for testing other types of deployments, such asWeb applications, but not Web services.
Severity: Warning
Rationale: Administration
Description: Note that the byte values returned by the web server is the TOTAL amount defined in the multidimensional array, although the notation does not reflect this. In other words, for byte[4,5] instead of 20 elements, 23 elements are actually returned as byte elements.
Severity: Warning
Rationale: Administration
Description: When the path service is associated with a single Oracle WebLogic Server instance in a cluster and that server is down during the upgrade process, the JMS client cannot send unit-of-order (UOO) messages to a uniform distributed destination (UDD) deployed on the cluster. However, in the case of existing JMS clients whose messages are sent to another server in the cluster, the clients continue sending the messages in the same UOO by using the cached path service.
Severity: Warning
Rationale: Subsystem Outage
Description: Oracle WebLogic Server versions prior to 9.2 (no MP) do not have runtime monitoring for PageFlow applications. This feature was introduced in Oracle WebLogic Server 9.2 (no MP).Feature highlights:- Construction and Invocation Count Metrics for PageFlows- Ability to clear/reset metrics and errors- Switch to enable/disable Monitoring at Oracle WebLogic Server server start up- Response time metrics for PageFlow actions- *Last Failure* information.
Severity: Warning
Rationale: Not Complying with Specifications
Description: SAF publishes messages to distributed queues without verifying the password specified on the SAF queue. Even though the password specified on the SAF queue is incorrect, the message is still published to the distributed queues on server1. When given an incorrect username, SAF is not able to publish the message to the distributed queue. SAF is checking only for the username, rather than the username and password combination.
Severity: Minor Warning
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.
Severity: Minor Warning
Rationale: Administration
Description: SAF sometimes stops forwarding messages when the receiving server(s) are restarted.This problem, described in Oracle Bug 8118031, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: The SAFAgentRuntimeMBean statistic returns the wrong value for MesssageReceivedCount, MesssageCurrentCount, and MessagesPendingCount.
Severity: Minor Warning
Rationale: Administration
Description: Example scenario:Set up a SAML for SSO for two Web applications: appA and appC.If user_A is assigned/registered in webappA but not in webappC, an access attempt to webappC should not succeed. This is expected. However, if user_A is registered in the realm of the second domain but not allowed to access webappC, then when accessing webappC, the access attempt goes through a loop between redirecting and refreshing instead of redirecting to an error page like 401 or 403. The browser continues redirecting and refreshing in a loop.This problem, described in Oracle Bug 8161423, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When generating SNMP Traps from a SIP Servlet using SipServletSnmpTrapRuntimeMBean in conjunction with CommonJ timers, the traps fail with NullPointerExceptions. Without CommonJ timers, the traps work as expected.
Severity: Warning
Rationale: User Viewable Errors
Description: In the SNMP traps being sent out by Oracle WebLogic Server, the agent ID always comes out 127.0.0.1.
Severity: Warning
Rationale: Administration
Description: In the SNMP traps being sent out by Oracle WebLogic Server, the agent ID always comes out 127.0.0.1.This problem, described in Oracle Bug 8094971, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: WebService returns invalid SOAP faults (invalid fault code).The following is an example of an invalid fault returned from Oracle WebLogic Server 9.2 SOAP 1.2 Web Service:<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"> <soapenv:Header/> <soapenv:Body> <soapenv:Faultxmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <Code xmlns="http://www.w3.org/2003/05/soap-envelope"> <Value>SOAP-ENV:Client</Value> </Code> <Reason xmlns="http://www.w3.org/2003/05/soap-envelope"> <Text>Failed to get operation name from the incoming request</Text> </Reason> <detail/> </soapenv:Fault> </soapenv:Body></soapenv:Envelope>See http://www.w3.org/TR/soap12-part1/#faultcodes
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Suppose that you have an Oracle WebLogic Server SOAP 1.2 Web Service.If you send the following payload to it:<soap-env:Envelopexmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body>...</soap-env:Body></soap-env:Envelope>which is a SOAP 1.1 envelope. It generates a version mismatch fault, like it should. However, the problem is that the contents of the envelope is incorrect:
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: With an EJB called from Oracle Service Bus via EJB Transport, when an EJB method throws an exception, Oracle Service Bus does not generate the SOAP Fault element correctly.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: SOAP messages that contain attachments are not handled correctly.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: SOAP messages that contain attachments are not handled correctly. This problem, described in Oracle Bug 8089006, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When Oracle WebLogic Server receives a SOAP message from an Axis client, and the message has an attachment, Oracle WebLogic Server incorrectly ignores the message and throws a "MustUnderstand header not processed" error. The same service works for a Oracle WebLogic Server client.This problem, described in Oracle Bug 8132879, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When Oracle WebLogic Server receives a SOAP message from an Axis client and the message has an attachment, Oracle WebLogic Server incorrectly ignores the message and throws a "MustUnderstand header not processed" error. The same service works for a Oracle WebLogic Server client.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: MimeMessage is reset to null after writing the data to stream. This causes thegetContentType call to fail, and so eventually SOAP attachments are not handled correctly.This problem, described in Oracle Bug 8119142, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Web service request validation fails if LF included in the SOAP request, with the following SOAP response error:com.bea.xml.XmlRuntimeException: error: Can't have mixed contentat com.bea.staxb.runtime.internal.FailFastErrorHandler.add(FailFastErrorHandler.java:45)at com.bea.xbean.validator.Validator.emitError(Validator.java:176)at com.bea.xbean.validator.Validator.emitError(Validator.java:131)...
Severity: Warning
Rationale: Administration
Description: When a large SOAP document is returned to a proxy service and if there are multiple proxy services in the return path, the SOAP body content is lost in the response document.The patch to Oracle Bug 8120898 fixes this issue such that the data no longer gets lost and is consistently returned to the caller.
Severity: Warning
Rationale: Administration
Description: Oracle WebLogic Server 9 returns responses to SOAP requests that use a Transfer-Encoding of "chunked." When chunked responses are not required, this adds unnecessary overhead to the host communications.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server 9 returns responses to SOAP requests that use a Transfer-Encoding of "chunked." When chunked responses are not required, this adds unnecessary overhead to the host communications.This problem, described in Oracle Bug 8101252, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Oracle WebLogic Server 9 returns responses to SOAP requests that use a Transfer-Encoding of "chunked." When chunked responses are not required, this adds unnecessary overhead to the host communications.This problem, described in Oracle Bug 8101252, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The WSEE implementation, weblogic.wsee.saaj.SOAPConnectionImpl.java uses hardcoded 'SOAP11' when creating client connection.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: The WSEE implementation, weblogic.wsee.saaj.SOAPConnectionImpl.java uses hardcoded 'SOAP11' when creating client connection.This problem, described in Oracle Bug 8126650, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: An error occurs in the pollmuxer native library when loading on a Solaris SPARC 64-bit platform.
Severity: Minor Warning
Rationale: Performance
Description: An error occurs in the PollMuxer native library when loading on the Solaris SPARC 64-bit platform.This problem, described in Oracle Bug 8128083, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: Single-object SQL-Finders return a null value if the referenced object does not exist. This behavior is inconsistent with EJB 2.1 specification.This problem has been resolved. In compliance with the EJB 2.1 specification, the ObjectNotFoundException is raised when the finder query does not find any results.
Severity: Warning
Rationale: User Viewable Errors
Description: Single-object SQL-Finders return a null value if the referenced object does not exist. This behavior is inconsistent with EJB 2.1 specification.This problem has been resolved. In compliance with the EJB 2.1 specification, the ObjectNotFoundException is raised when the finder query does not find any results.This problem, described in Oracle Bug 8134779, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: This is required to support SSL socket connection timeout using out-of-the-box JRockit JVM.
Severity: Warning
Rationale: Non-User Viewable Errors
Description: A cipher suite is an SSL encryption method that protects the integrity of a communication. A cipher suite includes the key exchange algorithm, the symmetric encryption algorithm, and the secure hash algorithm. For example, the RSA_WITH_RC4_128_MD5 cipher suite uses RSA for key exchange, RC4 with a 128-bit key for bulk encryption, and MD5 for message digest.Two ciphers suites, TLS_RSA_WITH_NULL_MD5 and TLS_RSA_WITH_NULL_SHA, allow clear text communications. They have 0 Symmetric Key Strength.The license for Oracle WebLogic Server determines what strength is used to protect communications. If the cipher suite strength defined in the Oracle WebLogic Server config.xml file exceeds the strength specified by the license, the server uses the strength specified by the license.
Severity: Minor Warning
Rationale: Administration
Description: Secured session replication has been enabled on cluster members in your domain, either via the -Dweblogic.replication.secured JVM property or the ClusterMBean.SecureReplicationEnabled cluster MBean. However, SSL has not been enabled on all application servers in your cluster. As a result, secured session replication may fail.
Severity: Warning
Rationale: Performance
Description: Secured session replication has been enabled on cluster members in your domain, either via the -Dweblogic.replication.secured JVM property or the ClusterMBean.SecureReplicationEnabled cluster mbean. However, SSL has not been enabled on all servers in your cluster. As a result, secured session replication may fail.This problem, described in Oracle Bug 8072840, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Performance
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: When a cluster member tries to join a cluster while trying to get information from other cluster members (so it can be synchronized with them), it acts as a client of the other cluster members.If the cluster has been configured to use only SSL ports and it requires client certificates, the synchronization (that is, SSL handshake) will fail because the client cluster member does not present certificates to the server cluster members.
Severity: Warning
Rationale: Subsystem Outage
Description: If the SSL listen port is changed to 7001, Oracle WebLogic Server throws an error and may become inaccessible. The change is made without rolling back the configuration. This happens if you try to configure the port using WebLogic Scripting Tool and the script crashes, or if the server is shut down before you click the "Undo All Changes" button in the Oracle WebLogic Server Administration Console.The error thrown is:"The SSL ListenPort attribute 7001 cannot be the same as the non-secure ListenPort for the server."This error occurs even if the non-secure SSL listen port has been set to something other than 7001.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: In Oracle WebLogic Portal 9.2 Maintenance Pack 1 Content Management, saving a type with binary and a newly-added multistring property with no entries causes the binary to be lost, with the following exception:com.bea.content.RepositoryException: No binary value could be found forproperty. Repository: Oracle Repository Property ID: 12002/aBinary\tat com.bea.content.manager.internal.InternalNodeOpsBean.getPropertyBytes(InternalNodeOpsBean.java:1720)\tat com.bea.content.manager.internal.InternalNodeOpsBean.getPropertyBytes(InternalNodeOpsBean.java:1921) ...This problem, described in Oracle Bug 8111812, has been fixed in Oracle WebLogic Portal 9.2 Maintenance Pack 2
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Portal 9.2 Maintenance Pack 1 Content Management, saving a type with binary and a newly-added multistring property with no entries causes the binary to be lost, with the following exception:com.bea.content.RepositoryException: No binary value could be found forproperty. Repository: Oracle Repository Property ID: 12002/aBinary at com.bea.content.manager.internal.InternalNodeOpsBean.getPropertyBytes(InternalNodeOpsBean.java:1720) at com.bea.content.manager.internal.InternalNodeOpsBean.getPropertyBytes(InternalNodeOpsBean.java:1921) ...
Severity: Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.0, when you configure the Basic Realm attribute in the Compatibility Realm through the Administration Console, the following show up as choices for realm names:~doodoo~plok~kittyThese names should be changed as they are meaningless.
Severity: Minor Warning
Rationale: Administration
Description: Cloning a server does not clone the network channels. The channels need to be recreated manually.
Severity: Minor Warning
Rationale: Administration
Description: When Oracle Service Bus is running on Oracle JRockit JVM (R26.0.0), the firing of pipeline alerts can cause an OutOfMemory error:- java.lang.OutOfMemoryError: allocLargeArray - 17357349 elementsThis is caused by a memory leak that has been fixed in Oracle JRockit.
Severity: Warning
Rationale: Administration
Description: Web Service Reliable Messaging does not work with security (signature and encryption) in Oracle WebLogic Server 9.0. If a Reliable Messaging request is sent to a web service that has security policy configured, the send will fail.When server tries to process a signed/encrypted Reliable Messaging request, the server is unable to create Reference for x509 token.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied..Every ExecuteThread becomes as follows:."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)
Severity: Warning
Rationale: User Viewable Errors
Description: Oracle WebLogic Server may hang with every execute thread in STANDBY state.Note that Minimum Thread Constraint is not applied.Every ExecuteThread looks like this:."[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=10 tid=0x017ad9b8 nid=0x32 in Object.wait()[0xbcd7f000..0xbcd7faf0] at java.lang.Object.wait(Native Method) - waiting on <0xd96795d8> (a weblogic.work.ExecuteThread) at java.lang.Object.wait(Object.java:474) at weblogic.work.ExecuteThread.waitForRequest(ExecuteThread.java:156) - locked <0xd96795d8> (a weblogic.work.ExecuteThread) at weblogic.work.ExecuteThread.run(ExecuteThread.java:177)This problem, described in Oracle Bug 8636905, has been fixed in Oracle WebLogic Server 10.3 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In Oracle WebLogic Server, when Log File Rotation is enabled, and the Max Number of Log Files value (NumberOfFilesLimited) is not set to true, then Server will not limit the number of backup log files.In this case, a situation may arise where there are too many log files to be rotated and Oracle WebLogic Server threads get struck while trying to roll the log files. This will lead to server outage.To prevent this situation, do either of the following:a) Periodically backup the log files to a different location (Manual Process).b) Set the NumberOfFileLimited=true for the Log MBean.
Severity: Critical
Rationale: Server Outage
Description: The command line server startup option -Dweblogic.management.startupMode isnot being handled properly, preventing startup in ADMIN mode.Solution:This problem has been fixed.
Severity: Minor Warning
Rationale: Administration
Description: The command line server startup option -Dweblogic.management.startupMode isnot being handled properly, preventing startup in ADMIN mode.This problem, described in Oracle Bug 8075433, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Server - HealthMonitoring - auto restart option should be greyed out and off if there is no NodeManager configured.
Severity: Warning
Rationale: User Viewable Errors
Description: The service control handler annotation causes a DuplicateKey exception during a publish to Oracle WebLogic Server 9.2. The following is an example of the error:weblogic.descriptor.DescriptorException: VALIDATION PROBLEMS WERE FOUND problem: cvc-identity-constraint.4.2.2: Duplicate key 'handler.HandleratJCXServiceControl/handler.ConsoleLoggingHandler' for key constraint 'service-ref_handler-name-key@http://java.sun.com/xml/ns/j2ee':<null> problem: cvc-identity-constraint.4.2.2: Duplicate key 'handler.HandleratJCXServiceControl/handler.AuditHandler' for key onstraint 'service-ref_handler-name-key@http://java.sun.com/xml/ns/j2ee':<null> at weblogic.descriptor.internal.MarshallerFactory$1.evaluateResults(MarshallerFactory.java:229) ...
Severity: Warning
Rationale: Administration
Description: The service control handler annotation causes a DuplicateKey exception during a publish to Oracle WebLogic Server 9.2. The following is an example of the error:weblogic.descriptor.DescriptorException: VALIDATION PROBLEMS WERE FOUNDproblem: cvc-identity-constraint.4.2.2: Duplicate key 'handler.HandleratJCXServiceControl/handler.ConsoleLoggingHandler' for key constraint 'service-ref_handler-name-key@http://java.sun.com/xml/ns/j2ee':<null> at weblogic.descriptor.internal.MarshallerFactory$1.evaluateResults(MarshallerFactory.java:229)...Oracle Bug 8117882 has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3
Severity: Minor Warning
Rationale: Administration
Description: When reading sessions from the WL_SERVLET_SESSIONS table, if Oracle WebLogic Server gets a deserialization exception due to a version conflict, the old session object is not removed and continues to exist in the database.For example, say a session is created (with a Java object of class A) and inserted into WL_SERVLET_SESSIONS. When you redeploy the application with the modified class A definition, the server tries to read the sessions from the WL_SERVLET_SESSIONS table. However, because the class A definition has changed, a deserialization exception may occur due to the version conflict. When this happens, the session is not automatically removed (even after it has timed out), and the exception is repeatedly thrown into the log file.
Severity: Minor Warning
Rationale: Development
Description: When reading sessions from the WL_SERVLET_SESSIONS table, if Oracle WebLogic Server gets a deserialization exception due to a version conflict, the old session object is not removed and continues to exist in the database. This problem, described in Oracle Bug 8068770, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Development
Description: When the weblogic.security.Security.getCurrentSubject() method is used for retrieving an authenticated subject from Oracle WebLogic Server, an anonymous subject is being returned instead of the authenticated subject.This problem has been resolved.
Severity: Warning
Rationale: Administration
Description: When the weblogic.security.Security.getCurrentSubject() method is used for retrieving an authenticated subject from Oracle WebLogic Server, an anonymous subject is being returned instead of the authenticated subject.This problem, described in Oracle Bug 8098732, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server now invokes ServletContextListener callbacks with the "anonymous" user identity. The user identity will be different for the execution of these callbacks. If your (Web application with ServletContextListener) implementation of these callbacks is dependent on the permissions of the internal kernel identity, then the callback implementation may encounter errors when run with the anonymous user identity. You should either modify the callback implementation to use a different identity or specify a "Deployment Principal Name" on the application deployment MBean. If a deployment principal name is not defined on the application, during static deployment (server start-up), the "anonymous" user identity will be used for ServletContextListener callbacks.
Severity: Warning
Rationale: Development
Description: Oracle WebLogic Server now invokes ServletContextListener callbacks with the "anonymous" user identity.If your implementation of these callbacks is dependent on the permissions of the internal kernel identity, then the callback implementation may encounter errors when run with the anonymous user identity.You should either modify the callback implementation to use a different identity or specify a "Deployment Principal Name" on the application deployment MBean.If a deployment principal name is not defined on the application, during static deployment, the "anonymous" user identity will be used for ServletContextListener callbacks.This problem, described in Oracle Bug 8169577, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Development
Description: Oracle WebLogic Server now invokes ServletContextListener callbacks with the "anonymous" user identity.If your implementation of these callbacks is dependent on the permissions of the internal kernel identity, then the callback implementation may encounter errors when run with the anonymous user identity.You should either modify the callback implementation to use a different identity or specify a "Deployment Principal Name" on the application deployment MBean.If a deployment principal name is not defined on the application, during static deployment, the "anonymous" user identity will be used for ServletContextListener callbacks.Oracle Bug 8169577 has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Development
Description: When Oracle WebLogic Server processes proxy headers, it incorrectly skips some headers. After removing an entry from the array list, the counter is not decremented, and Oracle WebLogic Server skips the entry following the removed entry.As a result, during an HTTPS request via proxy, ServletRequest#getScheme() returns HTTP, and isSecure() returns false.
Severity: Warning
Rationale: Administration
Description: When Oracle WebLogic Server processes proxy headers, it incorrectly skips some headers. After removing an entry from the array list, the counter is not decremented, and Oracle WebLogic Server skips the entry following the removed entry.As a result, during an HTTPS request via proxy, ServletRequest#getScheme() returns HTTP, and isSecure() returns false.This problem, described in Oracle Bug 8058858, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: ISO-2022-JP encoding characters written via ServletResponse.getOutputStream().print() are not properly encoded. Garbled characters are displayed at the browser.
Severity: Minor Warning
Rationale: Development
Description: Under load, session replication in a cluster may throw a NullPointerException, as follows:java.lang.NullPointerException at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:195) at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:224) at weblogic.cluster.replication.ReplicationManager_921_WLStub.create (Unknown Source) ...java.lang.NullPointerException at weblogic.cluster.replication.WrappedRO.<init>(WrappedRO.java:42) at weblogic.cluster.replication.ReplicationManager$wroManager.create (ReplicationManager.java:282) at weblogic.cluster.replication.ReplicationManager.create (ReplicationManager.java:779) at weblogic.cluster.replication.ReplicationManager_WLSkel.invoke (Unknown Source) ...
Severity: Warning
Rationale: Subsystem Outage
Description: Under load, session replication in a cluster may throw a NullPointerException, as follows:java.lang.NullPointerException at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:195) ...java.lang.NullPointerException at weblogic.cluster.replication.WrappedRO.<init>(WrappedRO.java:42) ...This problem, described in Oracle Bug 8166202, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: A web application is deployed to a cluster, and the session cookie has been modified from the default (JSESSIONID). If the application is being accessed by means of a webserver running the Oracle WebLogic plugin, and the configuration has not been updated, the plugin may route Oracle WebLogic Server requests incorrectly.
Severity: Minor Warning
Rationale: Administration
Description: Sessions are lost after configuring SAML with two domains (Oracle WebLogic Server 9.x or Oracle WebLogic Server 10.x) running on one system.It is a SAML requirement to set all webapp cookie names to the default (JSESSIONID). With this setting, the client browser can differentiate cookies originating from different domains only if the IPAddress or hostname of the SAML source and destination domain are not the same.
Severity: Critical
Rationale: User Viewable Errors
Description: The Servlet 2.4 Specifications defines the <session-timeout> deployment descriptor as follows:<!ELEMENT session-config (session-timeout?)><! -The session-timeout element defines the default session timeout interval for all sessions created in this web application. The specified timeout must be expressed in a whole number of minutes. If the timeout is 0 or less, the container ensures the default behaviour of sessions is never to time out.Used in: session-config - >However, in Oracle WebLogic Server 9.2 Maintenance Pack 2, when you set Session Timeout to 0, the session still times out.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: Setting shrink frequency seconds to 0 failed to disable connection pool shrinking. Turning shrinking off did not take effect until server restart.
Severity: Minor Warning
Rationale: Administration
Description: Setting shrink frequency seconds to 0 failed to disable connection pool shrinking. Turning shrinking off did not take effect until reboot.This problem, described in Oracle Bug 8173564, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: The Smart Update 3.0 installer cannot start in GUI mode on HP-UX. The installer displays a dialog showing the following error, even when running the installer with HP-JVM 1.5.0.04 or later service pack:"The required JDK for this installation is version: 1.5.0_04. The JDK you are currently running with is version: 1.5.0."Cause:The Smart Update utility class is assumed to parse the version string based on the Sun JDK convention, which delineates the major and minor version numbers with an underscore character (_), for example, 1.5.0_04However, the convention in HP-JVM is to delineate the major and minor version numbers with a period (.), for example, 1.5.0.04
Severity: Warning
Rationale: Administration
Description: On AIX, the Smart Update 3.1 installer fails in Command Line Mode. This is because the installer expects the version number to be a single string in order to verify that the Java version is equal to or higher than 1.5.0_04. However, the IBM JDK convention splits this information into two strings: a main string "1.5.0" and another indicating SR5 or SR5a.To resolve this issue, disable the JDK check by specifying the following flag when invoking the installer: -Djdk.check.override=true
Severity: Warning
Rationale: Administration
Description: Smart Update throws the following error if a patch is installed or removed from a running server:"An unexpected error was encountered ... java.io.IOException:Unable to backup file"
Severity: Minor Warning
Rationale: User Viewable Errors
Description: MimeMessage is reset to null after writing the data to stream. This causes thegetContentType call to fail, and so eventually SOAP attachments are not handledcorrectly.
Severity: Critical
Rationale: Subsystem Outage
Description: When an EJB exception does not conform to the specification in http://schemas.xmlsoap.org/soap/envelope, a SOAP Fault is returned.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: Some signatures require runtime MBeans to be created for Session Monitoring, in order to collect MBean data. If Session Monitoring is not enabled, data collection may be erratic or incomplete.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: Sometimes the config_prev_bak directory is not deleted during bootup (see directory structure below): $DOMAIN_DIR/servers/domain_bak/config_prev_bakThis directory should be deleted after finishing deployment tasks during bootup. If Oracle WebLogic Server instances are rebooted without deleting config_prev_bak, some configuration is reverted or removed.
Severity: Minor Warning
Rationale: Administration
Description: Sometimes the config_prev_bak directory is not deleted during bootup (see directory structure below): $DOMAIN_DIR/servers/domain_bak/config_prev_bakThis directory should be deleted after finishing deployment tasks during bootup. If Oracle WebLogic Server instances are rebooted without deleting config_prev_bak, some configuration is reverted or removed.This problem, described in Oracle Bug 8164443, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Sometimes the config_prev_bak directory is not deleted during bootup (see directory structure below): $DOMAIN_DIR/servers/domain_bak/config_prev_bakThis directory should be deleted after finishing deployment tasks during bootup. If Oracle WebLogic Server instances are rebooted without deleting config_prev_bak, some configuration is reverted or removed.This problem has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: When the client sets a value for property WLStub.WSRM_SEQUENCE_EXPIRATION of type javax.xml.datatype.Duration, which is not serializable, an IOException is thrown. Per the documentation, the value of the WLStub.WSRM_SEQUENCE_EXPIRATION must be of type javax.xml.datatype.Duration, which is not Serializable. Therefore, the server code should not expect this property in serialized form. This problem occurs on AIX on IBM JDK.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When the client sets a value for property WLStub.WSRM_SEQUENCE_EXPIRATION of type javax.xml.datatype.Duration, which is not serializable, an IOException is thrown. Per the documentation, the value of the WLStub.WSRM_SEQUENCE_EXPIRATION must be of type javax.xml.datatype.Duration, which is not Serializable. Therefore, the server code should not expect this property in serialized form. This problem occurs on AIX on IBM JDK.This problem, described in Oracle Bug 8103085, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The specification "precompile-continue=true" does not function.If you specify the following: <precompile>true</precompile> <precompile-continue>true</precompile-continue>the application should continue to compile and deploy, even when there are compilation errors in the .jsp files. However, the actual behavior is as if "precompile-continue" was not specified. Errors are reported, and the application will not be deployed.
Severity: Minor Warning
Rationale: Administration
Description: Rescheduling a task's timer execution several times results in a stack overflow exception.
Severity: Warning
Rationale: User Viewable Errors
Description: If one data source with an empty JNDI name is deployed to a server, a StackOverflowError will be reported when viewing JNDI tree of the server.
Severity: Critical
Rationale: Administration
Description: Stale sessions are not getting garbage collected when the secondary is unseen by primary in the cluster.Stale sessions are happening under the load when the primary failed to get response from the local secondary while trying HTTP session replication. The stale sessions are not getting deleted, which is caused by the secondary being unseen by primary in the cluster.
Severity: Warning
Rationale: Administration
Description: Stale sessions are not getting garbage collected when the secondary is unseen by primary in the cluster.Stale sessions are happening under the load when the primary failed to get response from the local secondary while trying HTTP session replication. The stale sessions are not getting deleted, which is caused by the secondary being unseen by primary in the cluster.This problem, described in Oracle Bug 8115320, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: If the Start element of the SOAP header is set to NULL or is missing, the SOAP request will fail.According to the SOAP specification, it is strongly recommended that the root part contain a Content-ID MIME header structured in accordance with RFC 2045, and that in addition to the required parameters for the Multipart/Related media type, the start parameter (optional in RFC 2387) always be present. This permits more robust error detection.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Start element of the SOAP header gets set to Null, if it is missing, causing the request to fail.According to the SOAP specification, it is strongly recommended that the root part contain a Content-ID MIME header structured in accordance with RFC 2045, and that in addition to the required parameters for the Multipart/Related media type, the start parameter (optional in RFC 2387) always be present. This permits more robust error detection.This problem, described in Oracle Bug 8094848, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When trying to invoke a Web service with a call that uses a BigDecimal as a parameter, if this parameter is set to null, the following error message is returned:java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.charAt(String.java:558) at com.bea.xbean.util.XsTypeConverter.trimTrailingZeros(XsTypeConverter.java:606) at com.bea.xbean.util.XsTypeConverter.lexDecimal(XsTypeConverter.java:161)...
Severity: Minor Warning
Rationale: Administration
Description: Unsynchronized HashMap leads to stuck threads and high CPU usage.The relevant stack trace is as follows:Thread-333 "[STUCK] ExecuteThread: '10' for queue: 'weblogic.kernel.Default(self-tuning)'" <alive, suspended, priority=1, DAEMON> { java.util.HashMap.put(HashMap.java:416) weblogic.descriptor.internal.DuplicateChecker.register( DuplicateChecker.java:52) weblogic.descriptor.internal.DuplicateChecker.registerIfNoDuplicate( DuplicateChecker.java:18) weblogic.descriptor.internal.ReferenceManager.registerBean( ReferenceManager.java:205) ....
Severity: Critical
Rationale: Subsystem Outage
Description: Unsynchronized HashMap leads to stuck threads and high CPU usage.The relevant stack trace is as follows:Thread-333 "[STUCK] ExecuteThread: '10' for queue: 'weblogic.kernel.Default(self-tuning)'" <alive, suspended, priority=1, DAEMON> { java.util.HashMap.put(HashMap.java:416) weblogic.descriptor.internal.DuplicateChecker.register( DuplicateChecker.java:52) weblogic.descriptor.internal.DuplicateChecker.registerIfNoDuplicate( DuplicateChecker.java:18) weblogic.descriptor.internal.ReferenceManager.registerBean( ReferenceManager.java:205) weblogic.j2ee.descriptor.wl.WeblogicWebAppBeanImpl.createSessionDescriptor( WeblogicWebAppBeanImpl.java:1237) ....This problem, described in Oracle Bug 8107148, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Stuck threads occur at weblogic.management.provider.internal.RegistrationManagerImpl.invokeRegistrationHandlers, after Oracle WebLogic Server runs for awhile.
Severity: Minor Warning
Rationale: Administration
Description: The StuckThreadCount attribute of the WorkManagerRuntimeMBean always returns zero, even when there were stuck threads. This information is an important data point when monitoring a running server for which OverLoadProtection or other stuck thread configuration has been specified.
Severity: Minor Warning
Rationale: Administration
Description: The StuckThreadCount attribute of the WorkManagerRuntimeMBean always returns zero, even when there were stuck threads. This information is an important data point when monitoring a running server for which OverLoadProtection or other stuck thread configuration has been specified.This problem, described in Oracle Bug 8083263, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Administration
Description: JMS client connection is being dropped on reconnect after a second network failure. Original context, including user credentials, is lost after first successful reconnect resulting in authentication failures after multiple reconnects.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Recent changes to the definition of US timezones to remove Daylight Savings Time (DST) awareness has broken basic functionality in date handling. The DateFormat parser uses the contents of String zoneStrings[][] in class DateFormatSymbols to identify the timezone based on the zone value in the input date string.For example, the zoneStrings[][] array defines "EST" before "America/New_York" so sets the timezone for the parser to the now non-DST aware "EST" zone.This issue only affects sites using the these three-letter abbreviations of DST times zones denotations, which have been deprecated, and any of the following versions of the Sun JDK:* Sun JDK 1.6* Sun JDK 1.5.0_08 and later* Sun JDK 1.4.2_12 and later
Severity: Warning
Rationale: Not Complying with Specifications
Description: WLS 9.x - Sun JVM not supported on Linux systems - use Oracle JRockit instead
Severity: Warning
Rationale: Administration
Description: When you install the patch to Oracle Bug 8118334 (for Oracle WebLogic SIP Server 2.2) or Oracle Bug 8140489 (for Oracle WebLogic SIP Server 3.0), specify "-Dwlss.allowContactFor1xx" in the "System" property for these SIP Server versions.Resolution:For Oracle WebLogic SIP Server 2.2:Apply the patch to Oracle Bug 8118334. Check your patch list for conflicts before applying.For Oracle WebLogic SIP Server 3.0:Apply the patch to Oracle Bug 8140489Set the following property in the server startup script: -Dwlss.allowContactFor1xx=trueAlternatively, you can upgrade to Oracle WebLogic SIP Server 3.1 and configure this policy through the Administration Console or directly in sipserver.xml:<enable-contact-provisional-response>true</enable-contact-provisional-response>
Severity: Warning
Rationale: Not Complying with Specifications
Description: Typically, a dollar sign ("$") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. As a result, the property may not have the desired effect.
Severity: Warning
Rationale: Administration
Description: Typically, a percent sign ("%") in the system properties indicates an attempt to reference an environment variable that has not been evaluated correctly. Therefore, the property may not be having the desired effect.
Severity: Warning
Rationale: Administration
Description: If you build a template from an existing Oracle Service Bus domain and use the default values, the resulting JAR files are missing the following security files:* DefaultAuthorizerInit.ldift* XACMLAuthorizerInit.ldiftA similar problem occurs if you use the WebLogic Scripting Tool to clone an existing Oracle Service Bus domain. The Service Bus Console fails to recognize that the default "weblogic" user has Administrator permissions. In addition, users cannot use the Change Center.The following exception occurs:Throwable: com.bea.wli.common.base.SBConsoleAccessException: The current login role is not authorized to use the console action: "/viewAlertSummary"
Severity: Warning
Rationale: User Viewable Errors
Description: If you build a template from an existing Oracle Service Bus domain using the default values below, the following security files are not included in the JARs: DefaultAuthorizerInit.ldift, XACMLAuthorizerInit.ldift. A similar problem occurs when using the WebLogic Scripting Tool to clone an existing Oracle Service Bus domain. The Service Bus Console fails to recognize that the default "weblogic" user has Administrator permissions. In addition, users cannot use the Change Center. The following exception occurs: com.bea.wli.common.base.SBConsoleAccessException: The current login role is not authorized to use the console action: "/viewAlertSummary". This problem, described in Oracle Bug 8123680, has been fixed in Oracle WebLogic Server 10.0 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In Oracle WebLogic Server 9.0, temporary patches are not listed in the server log.If a temporary patch was applied to the CLASSPATH and the proper Manifest was set up, a message should appear in the server log at startup time for each temporary patch applied. This information is important to determine the patch level. However, in Oracle WebLogic Server 9.0, this does not happen.As a result, Oracle Enterprise Manager may not be able to determine accurately which patches have been installed. Many Oracle Enterprise Manager compliance rules must identify what patches you have applied in order to determine what patches you may still need. The result is that Oracle Enterprise Manager may falsely report that you need certain patches when you already have applied them.
Severity: Warning
Rationale: User Viewable Errors
Description: In Oracle WebLogic Server 9.0, temporary patches are not listed in the server log. If a temporary patch was applied to the CLASSPATH and the proper Manifest was set up, a message should appear in the server log at startup time for each temporary patch applied. This information is important to determine the patch level. However, in Oracle WebLogic Server 9.0, this does not happen.As a result, Oracle Enterprise Manager may not be able to determine accurately which patches have been installed and therefore may falsely report that you need certain patches when you already have applied them. This problem, described in Oracle Bug 8044082, has been fixed in Oracle WebLogic Server 9.1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The flag '-Djmx.serial.form=1.0' needs to be set as a start-up option when a JMX 1.0 client contains the standard JMX MBeanServer interface to communicate with JMX 1.2 agents.If this flag is specified when starting a server instance, it must subsequently be included when running related clients as the weblogic.Deployer tool.
Severity: Warning
Rationale: User Viewable Errors
Description: In Oracle WebLogic Server 9.x, when the Administration Console is used for changing the HTTP logging configuration of the server or the virtual host, Oracle WebLogic Server will fail to reboot.
Severity: Minor Warning
Rationale: Administration
Description: When the Administration Console is used to stop and restart a remote Managed Server, the Administration Console hangs until the remote Managed Server has been fully started.This problem, described in Oracle Bug 8158504, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: The application works fine, but the console is showing garbage URLs when you try to check the testing tab after the deployment.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When invoking a Web service asynchronously using a non-primitive return type, the response handling in the Asynchronous Web Service Client fails with a ClassNotFoundException.The reason for this behaviour is that the WebAppContext in which the response is handled is not the same as the WebAppContext that made the asynchronous call. The response is handled in a context that does not have the correct Class Loader thereby causing the ClassNotFoundException.The the following trace can be seen in the logs:Caused by: java.lang.ClassNotFoundException: com.ruag.demo.basic.reference.types.v1.ResearchTargetTypeat java.lang.Class.forName(Ljava.lang.String;ZLjava.lang.ClassLoader;)Ljava.lang.Class;(Unknown Source)...
Severity: Warning
Rationale: Development
Description: The LogFileMBean now includes a buffer-size-kb parameter. This parameter has a default value of 8 KB; when set to zero or less, it will not buffer the log messages.For example, to set the buffer size for access.log in config.xml:<server>...<web-server><web-server-log><buffer-size-kb>0</buffer-size-kb><web-server-log></server>
Severity: Minor Warning
Rationale: Development
Description: The LogFileMBean now includes a buffer-size-kb parameter. This parameter has a default value of 8 KB; when set to 0 or less, it will not buffer the log messages.For example, to set the buffer size for access.log in config.xml:<server>...<web-server><web-server-log><buffer-size-kb>0</buffer-size-kb><web-server-log></server>This problem, described in Oracle Bug 8132238, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Development
Description: ClassCastExceptions occur when a Message Driven Bean (MDB) attempts to connect to a foreign JMS Provider using a JMS 1.1 Connection Factory because the MDB JMSConnectionPoller and JMS wrapper code is using JMS 1.0 API. This is acceptable for Oracle WebLogic Server queues and topics, but fails for MQSeries.This problem, described in Oracle Bug 8096068, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: RMI-IIOP readResolve method does not work when using IIOP protocol. This is because the implementation of weblogic.utils.io.ObjectStream class is not checking whether readResolve and writeReplace methods are defined in the superclass.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: The appc compiler excludes generic-types from signatures in generated stubs.AdminSessionEJB - - - - - - - - @RemoteMethod() public void insertRecord(Collection<Record> pMedRecCol, Integer pPatId) throws CreateException, NamingException, MedRecException, Exception {Compiled Stub:AdminSessionEJB_e1en28_Intf - - - - - - - - - - - - - -public void insertRecord(java.util.Collection arg0, java.lang.Integer arg1) throws javax.ejb.CreateException, javax.naming.NamingException,com.bea.medrec.exceptions.MedRecException, java.lang.Exception;This problem, described in Oracle Bug 8035302, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The appc compiler excludes generic types from signatures in generated stubs.AdminSessionEJB - - - - - - - - @RemoteMethod() public void insertRecord(Collection<Record> pMedRecCol, Integer pPatId) throws CreateException, NamingException, MedRecException, Exception {Compiled Stub:AdminSessionEJB_e1en28_Intf - - - - - - - - - - - - - -public void insertRecord(java.util.Collection arg0, java.lang.Integer arg1) throws javax.ejb.CreateException, javax.naming.NamingException,com.bea.medrec.exceptions.MedRecException, java.lang.Exception;
Severity: Warning
Rationale: Not Complying with Specifications
Description: The weblogic.appc compiler fails the webapp descriptor compliance checker with the following error if web.xml contains a comma-separated list of auth-methods:weblogic.servlet.internal.dd.compliance.ComplianceException: Invalid value for auth-method in web.xml: CLIENT-CERT,BASIC. Valid values are BASIC (default), FORM and CLIENT-CERT. at weblogic.servlet.internal.dd.compliance.BaseComplianceChecker.addDescriptorError(BaseComplianceChecker.java:74) at weblogic.servlet.internal.dd.compliance.BaseComplianceChecker.addDescriptorError(BaseComplianceChecker.java:80)This problem, described in Oracle Bug 8112838, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: When running the appc compiler via the command line against a very large web application, the memory specified must be very high. This occurs because the CompilerInvoker is invoking the Java compiler for all files within the module simultaneously, resulting in out-of-memory errors for very large EJB .jar files with a lot of CMPs.
Severity: Minor Warning
Rationale: Administration
Description: When running appc via the command line against a very large EAR application, the memory specified needs to be very high. This was not the case with Oracle WebLogic Server 8.1. This is happening because the CompilerInvoker is invoking the Java compiler for all the passed in files of the module at once, thereby resulting in OOM for very large ejb-jar files with a lot of CMPs. There needs to be an option for appc that the customer can use to limit the max number of files passed to the Java compiler.This problem, described in Oracle Bug 8113714, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: In some scenarios, an entity bean from the pool is not initialized before re-use, resulting in unexpected bean data.
Severity: Minor Warning
Rationale: Administration
Description: In some scenarios, an entity bean from the pool is not initialized before re-use, resulting in unexpected bean data.This problem, described in Oracle Bug 8112227, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: JDBC connection pools under high load can cause leaking connections and going above configured maximum capacity. A simple counter is sometimes not incrementing correctly, allowing more connections to be made than should be allowed. This problem is now fixed.
Severity: Warning
Rationale: Subsystem Outage
Description: JDBC connection pools under high load can cause leaking connections and going above configured maximum capacity. A simple counter is sometimes not incrementing correctly, allowing more connections to be made than should be allowed. This is now fixed.This problem, described in Oracle Bug 8087108, has been fixed in Oracle WebLogic Server 10.0.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: The customer has applied a patch from Oracle Bug 8087768 (8068770 + 8085020); however, ORA-00001 still occurs under the load.
Severity: Critical
Rationale: Performance
Description: The JSP property group (<jsp-property-groups>) is a collection of properties that apply to a set of files representing JSP pages. Most properties defined in the group apply to an entire translation unit, that is, the requested JSP file that is matched by its URL pattern and all the files it includes by way of the include directive.In this release of Oracle WebLogic Server, it has been observed that <jsp-property-groups> is not allowing usage of a wild card (/*), in the <url-pattern> tag.Sample of <jsp-property-group> from a web.xml :... <jsp-property-group> <url-pattern>/*</url-pattern> <include-prelude>/WEB-INF/XXX.jsp</include-prelude> </jsp-property-group>...
Severity: Warning
Rationale: Development
Description: "jsp-property-groups" is a collection of properties that apply to a set of files representing JSP pages. Most properties defined in a group apply to an entire translation unit, that is, the requested JSP file that is matched by its URL pattern and all the files it includes by way of the include directive.In this release of Oracle WebLogic Server, it has been observed that jsp-property-groups is not allowing usage of a wild card (/*) in the url-pattern.Sample jsp-property-group from web.xml:... <jsp-property-group> <url-pattern>/*</url-pattern> <include-prelude>/WEB-INF/XXX.jsp</include-prelude> </jsp-property-group>...This problem, described in Oracle Bug 8084236, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.
Severity: Minor Warning
Rationale: Administration
Description: In JSP, when Java Beans are used:<jsp:useBean> body gets executed even if named JavaBean already exists in the scope.This problem, described in Oracle Bug 8093561, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: On Linux OS i686, when a Managed Server is shut down abruptly by means of the Node Manager, the Managed Server may become defunct because the Node Manager ignores the SIGCHLD signal that is not POSIX-compliant.This problem, described in Oracle Bug 8076961, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Server Outage
Description: It is possible for router information in the RJVM of a client to become corrupted. As a result, a Managed Server may be unable to establish a connection after restarting. Restarting a Managed Server results in a stale JNDI objectThis problem, described in Oracle Bug 8093501, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The sockets in CLOSE_WAIT exhaust file descriptors, causing the server to hang.In a cluster environment, after starting the admin server and the managed servers, a lot of sockets are seen in the CLOSE_WAIT state. Accessing the console reduces the number of CLOSE_WAIT sockets. But if the console is not accessed for some time, the number of sockets in CLOSE_WAIT keeps on increasing. Because the CLOSE_WAIT sockets consume file descriptors, ultimately the server gets a "too many open files" error and hangs.
Severity: Warning
Rationale: Performance
Description: The sockets in CLOSE_WAIT exhaust file descriptors, causing the server to hang.In a cluster environment, after starting the admin server and the managed servers, a lot of sockets are seen in the CLOSE_WAIT state. Accessing the console reduces the number of CLOSE_WAIT sockets. But if the console is not accessed for some time, the number of sockets in CLOSE_WAIT keeps on increasing. Because the CLOSE_WAIT sockets consume file descriptors, ultimately the server gets a "too many open files" error and hangs.This problem, described in Oracle Bug 8077083, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Performance
Description: While running compact command of store-admin-tool, all files not dedicated to files stores are removed.This is not safe for configuration information. For example, if you created your store files in the Domain directory, all the content in the Domain directory will be removed during a compact operation.
Severity: Warning
Rationale: Administration
Description: While running compact command of store-admin-tool, all files not dedicated to files stores are removed.This is not safe for configuration information. For example, if you created your store files in the Domain directory, all the content in the Domain directory will be removed during a compact operation.This problem, described in Oracle Bug 8136189, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: While running compact command of store-admin-tool, all files not dedicated to files stores are removed.This is not safe for configuration information. For example, if you created your store files in the Domain directory, all the content in the Domain directory will be removed during a compact operation.This problem, described in Oracle Bug 8136189, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When a new deployment plan is created or an existing deployment plan is updated for a deployed application through the Administration Console, the system does not provide users any information on how to bring that deployment plan into effect.
Severity: Minor Warning
Rationale: Administration
Description: When a new deployment plan is created or an existing deployment plan is updated for an application deployed with Oracle WebLogic Server Administration Console, the system does not provide users with information on how to activate that deployment plan.This problem, described in Oracle Bug 8104714, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: The weblogic.policy file, which resides in the ISO image and is copied to the Virtual Machine, contains pathnames for the machine on which you executed the installation program. These pathnames will not work on the virtual machine.
Severity: Warning
Rationale: Administration
Description: When running Oracle WebLogic SIP Server (WLSS) 3.0 on Linux platforms, SipService#ProcessHelper.storeMinute() sporadically throws a NullPointerException with the user's application during subscription.<[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1169804794137> <BEA-330800> <Filter Errorjava.lang.NullPointerExceptionat com.bea.wcp.sip.engine.server.SipService$ProcessHelper.storeMinute(SipService.java:347)at com.bea.wcp.sip.engine.server.SipService$ProcessHelper.computeCurrentRate(SipService.java:287)...
Severity: Warning
Rationale: Not Complying with Specifications
Description: A thread becomes stuck when printing multi-byte characters using PrintWriter#println. For example, the following will result in a stuck thread: PrintWriter out = res.getWriter(); for(int i=0; i<1000; i++){ out.println("XXXXX"); // XXXXX is multi-byte characters. }The system fails under high CPU load and the thread becomes stuck.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: ThresholdParamsBean in a TemplateMBean is not accessible in WebLogic Scripting Tool Offline mode and getting the following exception:wls:/offline>cd('JMSSystemResource/SystemModule-0/JmsResource/NO_NAME_0/Template/Template-0')wls:/offline/JMSSystemResource/SystemModule-0/JmsResource/NO_NAME_0/Template/Template-0>cd('Thresholds')Error: cd() failed. Do dumpStack() to see details.wls:/offline/JMSSystemResource/SystemModule-0/JmsResource/NO_NAME_0/Template/Template-0>dumpStack()com.bea.plateng.domain.script.jython.WLSTException:com.bea.plateng.domain.script.ScriptException: No nested element Threshold is foundat com.bea.plateng.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:51) ...
Severity: Minor Warning
Rationale: Administration
Description: The following stacktrace is obtained when trying to setMonitoredAttributeName for SNMPGaugeMonitor on Solaris platform:Caught java.lang.RuntimeException: Timed out waiting for completionjava.lang.RuntimeException: Timed out waiting for completion at weblogic.management.provider.internal.ActivateTaskImpl.waitForCompletion(ActivateTaskImpl.java:374) at weblogic.management.provider.internal.ActivateTaskImpl.waitForTaskCompletion(ActivateTaskImpl.java:349) ...
Severity: Warning
Rationale: Administration
Description: When multiple threads call Oracle WebLogic Server Timer's addNotification() or removeNotification() methods, ConcurrentModificationException are raised.
Severity: Warning
Rationale: Development
Description: When multiple threads call Oracle WebLogic Server Timer's addNotification() or removeNotification() methods, ConcurrentModificationException are raised.This problem, described in Oracle Bug 8114446, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: In the Oracle Service Bus message reporting viewer, there are two timestamp attributes: 'Database Timestamp' and 'Time at point of Logging'.Both of above time attributes have time in format of: "MM/dd/yyyy hh:mm:ss"Regardless of row data associated in the repository database, the seconds part always displays as "00".A patch to Oracle Bug 8163403 provides a fix to this problem. With this patch, it displays correct seconds.
Severity: Minor Warning
Rationale: Administration
Description: Sockets opened via HTTPUrlConnection or as part of a health check are not properly closing connections. This causes sockets to be stuck in the CLOSE_WAIT state. After starting all the servers, many sockets can become stuck in the CLOSE_WAIT state. The number of CLOSE_WAIT sockets diminishes if you access the Administration Console. But if you do not access the Console for a while, the number of sockets in CLOSE_WAIT keeps increasing. Since a CLOSE_WAIT socket consumes file descriptors, the server eventually throws a "Too Many Open Files" error and hangs.
Severity: Warning
Rationale: Administration
Description: Sockets opened via HTTPUrlConnection or as part of a health check are not properly closing connections. This causes sockets to be stuck in the CLOSE_WAIT state. After starting all the servers, many sockets can become stuck in the CLOSE_WAIT state. The number of CLOSE_WAIT sockets diminishes if you access the Administration Console. But if you do not access the Console for a while, the number of sockets in CLOSE_WAIT keeps increasing. Since a CLOSE_WAIT socket consumes file descriptors, the server eventually throws a "Too Many Open Files" error and hangs.This problem, described in Oracle Bug 8077083, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: The "Too Many Open Files" error usually occurs after several concurrent users get a connection to the Server. Java opens many files in order to read in the classes required to run your application. High volume applications can use a lot of file descriptors. This could lead to a lack of new file descriptors. Also, each new socket requires a descriptor. Clients and Servers communicate via TCP sockets. Each browser's HTTP request consumes TCP sockets when a connection is established to a Server. Limiting the number of open sockets allowed prevents your server from running out of file descriptors.
Severity: Warning
Rationale: Performance
Description: Editing JSP tag files can cause a webapp to redeploy unexpectedly, and the ChangeAwareClassLoader for the web application archive (WAR) to be switched out mid-request. This causes ClassCastExceptions and other strange behavior.
Severity: Minor Warning
Rationale: Non-User Viewable Errors
Description: When Oracle WebLogic Server writes a message to the Message Queue via JMS wrappers, the transaction fails during commit, and an MQXAR is registered. When the registration is removed, the transaction works properly. If you use the JMS wrappers to write the message to Oracle WebLogic Server JMS, it also works correctly.
Severity: Critical
Rationale: Administration
Description: When Oracle WebLogic Server writes a message to the Message Queue via JMS wrappers, the transaction fails during commit, and an MQXAR is registered. When the registration is removed, the transaction works properly. It also works if the JMS wrappers are used to write the message to Oracle WebLogic Server.This problem, described in Oracle Bug 8078999, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server unnecessarily persisted 2-Phase Commit records when it did not have any other IO work for a transaction in that store.
Severity: Minor Warning
Rationale: Performance
Description: The configuration of JMS Proxy Services with similar names (or names that start identically), for which Oracle Service Bus generates corresponding MDBs, causes a "name collision" TransportException error. In short, JMS Proxy Services with similar names result in MDBs with identical names. You may see <BEA-390105><Failed to create Oracle WebLogic Server artifacts preparing session weblogic: com.bea.wli.sb.transports.TransportException: [WliSbTransports:381518]The generated MDB EAR file name <PATH>/<EarName<.ear for service <ServiceName> is already used by another service. Please change the name this service to avoid a collision.The patch to Oracle Bug 8123788 for Oracle Service Bus 2.1 resolves this issue.
Severity: Warning
Rationale: Administration
Description: When a firewall connection timeout occurs, communication between Oracle WebLogic Tuxedo Connector and the Tuxedo TDomain gateway stops. However, the TCP ABORT event may not be generated by the firewall, which may produce undesirable results. A new KeepAlive feature prevents hung threads by keeping alive this connection between WTC and the Tuxedo TDomain.
Severity: Minor Warning
Rationale: Administration
Description: Even if url-rewriting-enabled is set to false as follows in weblogic.xml, URLRewriting cannot be disabled. <session-descriptor> <url-rewriting-enabled>false</url-rewriting-enabled> </session-descriptor>
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: There are issues with accessing a secure page from Internet Explorer Browser.The architecture is as follows:Browser < ------SSL ------> Oracle WebLogic Server (with -Dweblogic.security.SSL.protocolVersion=SSL3 setting)With the following setting in Internet Explorer, the secure page fails to load.SSL 2.0 (uncheck), SSL 3.0 (Check) and TLS 1.0 (check)
Severity: Minor Warning
Rationale: User Viewable Errors
Description: There are issues with accessing a secure page from Internet Explorer Browser.The architecture is as follows:Browser < ------ SSL ------> Oracle WebLogic Server (with -Dweblogic.security.SSL.protocolVersion=SSL3 setting)With the following setting in Internet Explorer, the secure page fails to load.SSL 2.0 (uncheck), SSL 3.0 (Check) and TLS 1.0 (check)This problem, described in Oracle Bug 8133872, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: When the application.xml context-root for a Web application is different from the weblogic-webservices.xml Web service-contextpath for the Web service, the console is unable to display either the Web Services Definition Language (WSDL) or the WS-Policy editor on the Configuration tab for the Web service.
Severity: Minor Warning
Rationale: Administration
Description: An SNMP agent is configured on a Oracle WebLogic Server 9.2 domain. This configuration has been tested in Oracle WebLogic Server 9.2 Maintenance Pack 2. However, running "snmpwalk" to get a managed object on a specific managed server in the domain, results in a "request timed out" message in the command line output, as follows:C:\bea922\user_projects\domains\base_domain>java snmpwalk -v v1 -c public@ms1-p 9161 localhost .1.3.6.1.4.1.140.625.340.1.30Request timed out to: localhost
Severity: Minor Warning
Rationale: Administration
Description: When trying to modify the LoginForm.jsp in the console-ext and then restarting the server, the changes are not being recognized. The server does not take the changes, and it still takes the default values for the LoginForm.jsp.
Severity: Minor Warning
Rationale: Administration
Description: This rule addresses two issues:1. Unable to receive final notify with header "subscription-state:terminated;reason=timeout": According to RFC 3265 Section 3.3.6, sending a SUBSCRIBE with Expires of 0 can be used for fetching status.Based on this the notifier should send NOTIFY with "subscription-state:terminated;reason=timeout" header right after 200 ACK. However, Oracle WebLogic Server SIP Server 3.0 is returning "481 Subscription does not exist".2. Oracle WebLogic Server SIP Server sending 481 for an Unsubscribe notify request:Oracle WebLogic Server SIP Server acting as SIP client is sending a "481 Subscription does not exist" for a "Notify" after a "Unsubscribe", instead of 481, it should send 200 OK.The patch to Oracle Bug 8113284 fixes both the issues.
Severity: Warning
Rationale: Not Complying with Specifications
Description: A JAAS Configuration can now be defined by setting the property 'java.security.auth.login.config' programmatically.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: A JAAS Configuration can now be defined by setting the property 'java.security.auth.login.config' programmatically.This problem, described in Oracle Bug 8166117, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: MaxHTTPMessageSize, MaxT3MessageSize, and MaxCOMMessageSize have been deprecated since Oracle WebLogic Server 8.1. Instead of using these protocol specific parameters, use separate network channels configured with a MaxMessageSize to limit incoming messages.
Severity: Minor Warning
Rationale: Administration
Description: In the admin console, when selecting "Deployments" in the "Domain Structure" node > web app > check in the Checkbox, and update, but the admin console does not allow the context-root to be specified.
Severity: Minor Warning
Rationale: Administration
Description: In the Administration Console, when selecting "Deployments" in the "Domain Structure" node > web app checkbox, you cannot specify the application's context-root.This problem has been fixed in Oracle WebLogic Server 10.3.
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.2, an "Uncaught Throwable in processSockets java.lang.NullPointer" error appears in the Server Log files.The error message is as follows:<Oct 2, 2007 2:13:44 PM MEST> <Error> <Socket> <su80sr716> <b1d_adm_v20_30748_su80sr716_server> <ExecuteThread: '8' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <> <1191327224287> <BEA-000405> <Uncaught Throwable in processSocketsjava.lang.NullPointerException.java.lang.NullPointerExceptionat weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:156)...>
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.2, an "Uncaught Throwable in processSockets java.lang.NullPointer" error appears in the server log files.The error message is as follows:<Oct 2, 2007 2:13:44 PM MEST> <Error> <Socket> <su80sr716> <b1d_adm_v20_30748_su80sr716_server> <ExecuteThread: '8' for queue: 'weblogic.socket.Muxer'> <<Oracle WebLogic Server Kernel>> <> <> <1191327224287> <BEA-000405> <Uncaught Throwable in processSocketsjava.lang.NullPointerException.java.lang.NullPointerExceptionat weblogic.socket.MuxableSocketDiscriminator.dispatch(MuxableSocketDiscriminator.java:156)...>This problem, see Oracle Bug 8128732, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Under a heavy load, the following NullPointerException is seen. This is occurring due to an unidentified network error: [WliSbTransports:381304]Exception in HttpOutboundMessageContext.RetrieveHttpResponseWork.run: java.lang.NullPointerException java.lang.NullPointerException at com.bea.wli.sb.transports.http.HttpOutboundMessageContext.getResponse(HttpOutboundMessageContext.java:476) ...Instead of above NullPointerException, it should throw a meaningful message, such as "The HTTP connection is not available to access the response"The patch to Oracle Bug 8113503 corrects this problem.
Severity: Warning
Rationale: User Viewable Errors
Description: If you use a Sybase database with Oracle JRockit R27.1, R27.2, or R27.3, under high load the Sybase JDBC Connection Pool becomes disabled, with the following error:"java.sql.SQLException: JZ006: Caught IOException: java.io.IOException: JZ0EM: End of data."
Severity: Warning
Rationale: Subsystem Outage
Description: In a B2BUA+Forking proxy scenario under high load, Oracle WebLogic SIP Server 3.0 throws the following NullPointerException when it receives an ACK response: Filter Error java.lang.NullPointerExceptionat com.bea.wcp.sip.engine.server.TransactionManager.proxyToStatelessly(TransactionManager.java:1270)Oracle Bug 8128252 fixes the issue.
Severity: Warning
Rationale: Administration
Description: In a forking proxy scenario (for example, ForkingProxy + B2BUA + Proxy) under increased load, "java.lang.InternalError: Proxy is null" can occur repeatedly, as shown below:<[WLSS.Engine:330052]Failed to dispatch Sip message to servlet ForkingProxySipServlet java.lang.InternalError: Proxy is nullat com.bea.wcp.sip.engine.server.SipServletResponseImpl.getProxy(SipServletResponseImpl.java:317)at com.bea.wcp.sip.engine.SipServletResponseAdapter.getProxy(SipServletResponseAdapter.java:135)at .......Resolution:Patch Oracle Bug 8119822 fixes this issue.
Severity: Warning
Rationale: Performance
Description: Under high load, some of the log entries are missing from each Oracle WebLogic Server instance's access.log (located at //<DOMAIN>/servers/<SERVER NAME>/logs) file.This is due to the Oracle WebLogic Server internal file IO streaming issue.This problem, described in Oracle Bug 8104760, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Under high load, some of the log entries are missing from each Oracle WebLogic Server instance's access.log (located at //<DOMAIN>/servers/<SERVER NAME>/logs) file.This is due to the Oracle WebLogic Server internal file I/O streaming issue.
Severity: Warning
Rationale: Administration
Description: An unexpected Exception occurs when clicking the Web service link in deployment tableAn unexpected exception has occurred processing your requestMessage: java.lang.RuntimeException: N/AStack Trace: com.bea.console.exceptions.ManagementException:java.lang.RuntimeException: N/A atcom.bea.console.utils.DeploymentUtils.getPlanForApp(DeploymentUtils.java:267)at com.bea.console.utils.DeploymentUtils.isPreDiabloWebService(DeploymentUtils.java:2242)...
Severity: Minor Warning
Rationale: User Viewable Errors
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.1.0* Red Hat Enterprise Linux for version AS, ES, WS 4.0 on X86, Itanium or AMD64/EM64T.* Oracle JRockit 5.0 (R25.2.0) JDK and all later 5.0 releases of Oracle JRockit
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.2.0* Red Hat Enterprise Linux for version AS, ES, WS 4.0 on x86, Itanium, or AMD64/EM64T* Red Hat Enterprise Linux 5.0 AS, ES, WS on x86, AMD64 or 64-bit Xeon, or Itanium* Oracle JRockit 5.0 (R25.2.0) JDK and all later 5.0 releases of Oracle JRockit
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.0* Solaris 8, 9, or 10* UltraSPARC architecture* Sun Java 2 SDK 1.5.0
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.1* Solaris 8, 9, and 10* UltraSPARC architecture* Sun Java 2 SDK 1.5.0
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.2.0* Solaris 8, 9, and 10* UltraSPARC architecture* Sun Java 2 JDK 5.0 with the Java HotSpot Client and Server VMs (32-bit)
Severity: Warning
Rationale: Not Complying with Specifications
Description: When running Oracle Entitlements Server 2.2 on Oracle WebLogic Server 9.x in production mode, Microsoft Windows XP is not a supported platform.
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.0* Windows XP Service Pack 2 and higher (32-bit)* Xeon, Pentium II or higher, x86, and compatible chip architectures (1.3 GHz)* BEA JRockit 5.0 (R25.2.0) JDK and all later 5.0 releases of JRockit or Sun Java 2 JDK 5.0 with Java HotSpot Client VM and all later service packs of 5.0
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.1* Windows XP Service Pack 1 and higher (32-bit)* Xeon, Pentium II or higher, x86, and compatible chip architecture* JDKs: Sun Java 2 SDK 5.0 or Oracle JRockit SDK 5.0
Severity: Warning
Rationale: Not Complying with Specifications
Description: This configuration is not supported by Oracle. The recommended configuration is as follows:* Oracle WebLogic Server 9.2.0* Windows XP Service Pack 1 and higher (32-bit)* Xeon, Pentium II or higher, x86, and compatible chip architecture* JDKs: Sun Java 2 JDK 5.0 (32-bit) with Java HotSpot Client VM or Oracle JRockit JDK 5.0 (R26.0.0)Note: Windows XP is supported for the design, development, and verification of applications; it is not supported for production server deployment.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When setting the charset on the content type of the Response Object as 'application/vnd.ms-excel; charset=UnicodeLittle' (Japanese characters), Oracle WebLogic Server 9.2 throws UnsupportedEncodingException, as below:java.lang.IllegalArgumentException: unsupported encoding: 'UnicodeLittle': java.io.UnsupportedEncodingException: UnicodeLittleat weblogic.servlet.internal.ServletResponseImpl.setEncoding(ServletResponseImpl.java:1039)at weblogic.servlet.internal.ServletResponseImpl.setContentType(ServletResponseImpl.java:386)... ... ...
Severity: Minor Warning
Rationale: Administration
Description: An UnsyncCircularQueue$FullQueueException can occur in WorkManager, as shown below from the Oracle WebLogic Server Administration Server log:<Aug 1, 2008 7:08:59 PM EDT> <Critical> <WorkManager> <BEA-002911> <WorkManager weblogic.kernel.System failed to schedule a request due toweblogic.utils.UnsyncCircularQueue$FullQueueException: Queue exceed maximum capacity of: '65536' elements weblogic.utils.UnsyncCircularQueue$FullQueueException: Queue exceed maximum capacity of: '65536' elements at weblogic.utils.UnsyncCircularQueue.expandQueue(UnsyncCircularQueue.java:106) at weblogic.utils.UnsyncCircularQueue.put(UnsyncCircularQueue.java:139) ...
Severity: Minor Warning
Rationale: Administration
Description: There is an unwanted WorkContext element in the header of a successful submit response as follows:<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'> <soapenv:Headerxmlns:rel='http://www.3gpp.org/ftp/Specs/archive/23_series/23.140/schema/REL-5-MM7-1-2'xmlns:work='http://bea.com/2004/06/soap/workarea/'> <rel:TransactionID>aasdfre</rel:TransactionID> <work:WorkContext> <java version='1.5.0_10' class='java.beans.XMLDecoder'> <string/> </java> </work:WorkContext> </soapenv:Header> <soapenv:Body> <rel:SubmitRsp
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The schema-based EJB deployment descriptors do not allow forward slash characters (/) as part of EJB name. This causes problems in scenarios where the EJB deployment descriptors are DTD based. The forward slash character is permitted as part of EJB name in DTD based descriptors. However, when these descriptors are upgraded to schema based descriptors, the forward slash characters cause failures.
Severity: Minor Warning
Rationale: Development
Description: The schema-based EJB deployment descriptors do not allow forward slash characters (/) as part of the EJB name. This causes problems in scenarios where the EJB deployment descriptors are DTD based. The forward slash character is permitted as part of EJB name in DTD-based descriptors. However, when these descriptors are upgraded to schema-based descriptors, the forward slash characters cause failures.This problem, described in Oracle Bug 8076531, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Development
Description: Certain Web services that use and throw a custom exception may still deploy successfully, but while starting the service, a <WS data binding error> occurs in the Standard Out on the server side.
Severity: Minor Warning
Rationale: Development
Description: Certain Web services that use and throw a custom exception may still deploy successfully, but while starting the service, a <WS data binding error> occurs in the Standard Out on the server side.This problem, described in Oracle Bug 8112824, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Development
Description: During a WLST session, after disconnecting from the Node Manager, users are able to reconnect to the Node Manager without passing the correct username and password to the nmConnect() method.
Severity: Critical
Rationale: Administration
Description: During a WebLogic Scripting Tool session, after disconnecting from the Node Manager, users are able to reconnect to the Node Manager without passing the correct username and password to the nmConnect() method.This problem, described in Oracle Bug 8114089, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: When there is a large JMS Queue (large number of messages/large messages), using the Oracle WebLogic Server Administration Console to export the queue causes an Out of Memory error.
Severity: Critical
Rationale: Server Outage
Description: When there is a large JMS Queue (large number of messages/large messages), using the Oracle WebLogic Server Administration Console to export the queue causes an Out of Memory error.This problem, described in Oracle Bug 8119615, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Server Outage
Description: For Oracle WebLogic Server 9.1, using the Oracle WebLogic Server JSP compiler may result in an infinite loop where the compilation never completes.
Severity: Critical
Rationale: Subsystem Outage
Description: Oracle WebLogic Server HTTP handlers do not support proxying of individual URL connections.Calling a JSP which uses a Proxy object, generates the following exception:java.lang.UnsupportedOperationException: Method not implemented. at java.net.URLStreamHandler.openConnection(URLStreamHandler.java:80) at java.net.URL.openConnection(URL.java:990) at jsp_servlet.__proxyobject._jspService(__proxyobject.java:121) at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
Severity: Warning
Rationale: Administration
Description: Oracle WebLogic Server HTTP handlers do not support proxying individual URL connections.Calling a JSP which uses a Proxy object, generates the following exception:java.lang.UnsupportedOperationException: Method not implemented. at java.net.URLStreamHandler.openConnection(URLStreamHandler.java:80) at java.net.URL.openConnection(URL.java:990) at jsp_servlet.__proxyobject._jspService(__proxyobject.java:121) at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)This problem, described in Oracle Bug 8094926, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Administration
Description: For Oracle WebLogic Server 9.1, using the Oracle WebLogic Server JSP compiler may result in an infinite loop where the compilation never completes.This problem, described in Oracle Bug 8096097, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: Using large schema (XQuery file using XSDs with circular imports) in the Eclipse XQuery Mapper is resulting in Out Of Memory Exceptions (OOMEs).Patch Oracle Bug 8111384 enables the XQuery Mapper to load large schema.
Severity: Critical
Rationale: Server Outage
Description: Using an array with a single element to pass a single parameter ("Test1") to the Java callout method does not succeed. However, passing more than one parameter ("Test1," "Test2," "Test3") does succeed.Resolution:Patch Oracle Bug 8163913 fixes this issue. A single array parameter is now correctly processed as an array.
Severity: Warning
Rationale: Administration
Description: This error may occur when a Tuxedo service is implemented on Oracle WebLogic Server using the WTC TuxedoService interface. When called in a transactional context, and the transaction is marked ROLLBACK_ONLY during service processing, the call never returns. The corresponding Tuxedo client blocks and eventually times out.
Severity: Warning
Rationale: Subsystem Outage
Description: This error may occur when a Tuxedo service is implemented on Oracle WebLogic Server using the WTC TuxedoService interface. When called in a transactional context, and the transaction is marked ROLLBACK_ONLY during service processing, the call never returns and the corresponding Tuxedo client blocks and eventually times out.This problem, described in Oracle Bug 8094803, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: This error may occur when a Tuxedo service is implemented on Oracle WebLogic Server using the WTC TuxedoService interface. When called in a transactional context, and the transaction is marked ROLLBACK_ONLY during service processing, the call never returns and the corresponding Tuxedo client blocks and eventually times out.This problem, described in Oracle Bug 8067088, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: On Windows, if the -Dweblogic.RootDirectory property containing the slash character "/" is specified for server startup, Oracle WebLogic Server fails with an IO exception and a DeploymentService message will be printed to the Administration Server log.
Severity: Minor Warning
Rationale: Administration
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: JRockit throws a divide by zero ArithmeticException when opening a file other than a JRA recording or a corrupted JRA recording. This issue has been fixed in JRockit R27.5.0. Here is an example error message:java.lang.ArithmeticException: / by zero at com.jrockit.jra.model.MemoryInfo.getAllocationFrequencySmallObjects(MemoryInfo.java:415) at com.jrockit.mc.jra.ui.general.GeneralContent.getFieldData(GeneralContent.java:129) at com.jrockit.mc.jra.ui.general.MiscSectionPart.createClient(MiscSectionPart.java:39) at com.jrockit.mc.jra.ui.sections.InfoSectionPart.initialize(InfoSectionPart.java:81) ...
Severity: Minor Warning
Rationale: Administration
Description: When an Initial Invite is sent by SIP, a 200 OK is returned. SIP responds with an ACK that has a different branch ID than the 200 OK. However, if a re-Invite is sent, and a 200 OK comes back, SIP responds with an ACK with the same branch ID as the 200 OK. This is a violation of the SIP standard.The Via header should contain the following:1) Same branch ID for a CANCEL and ACK for non-2xx responses2) Different branch ID for a ACK to a 2xx responses to an initial Invite3) Different branch ID for a ACK to a 2xx responses to a re-InviteResolution:Oracle Bug 8130657 fixes the issue. Now, ACK for the 2xx for a re-Invite will have a different branch ID.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When calling remote EJB by IIOP with transaction, weblogic.corba.cos.transactions.CoordinatorImpl leaks occur on the client-side server. CoordinatorImpl are exported as CorbaServerRefs every time a remote EJB method with a transaction was invoked via IIOP. This does not happen with the T3 protocol.
Severity: Minor Warning
Rationale: Development
Description: When calling remote EJB by IIOP with transaction, weblogic.corba.cos.transactions.CoordinatorImpl leaks occur on the client-side server. CoordinatorImpl are exported as CorbaServerRefs every time a remote EJB method with a transaction was invoked via IIOP. This does not happen with the t3 protocol.This problem, described in Oracle Bug 8122690, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: When WLDF Console Extension has been installed (the library had been copied into the extension folder in the domain) per the directions in the installation instruction, it does not work when using German or Spanish. The following exception is received:java.lang.NumberFormatException: For input string: "0,18"at sun.misc.FloatingDecimal.readJavaFormatString(Unknown Source)at java.lang.Double.parseDouble(Unknown Source)at com.bea.diagnostics.dashboard.WLDFSlider$LocalSlider.calcTransMin(WLDFSlider.java:99)at com.bea.diagnostics.dashboard.WLDFSlider$LocalSlider.setMinimum(WLDFSlider.java:94)...
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Server Diagnostic Framework indexes log files in the background to facilitate accessor queries. With heavy logging activity, this can burden the CPU (up to 100%) even when no accessor queries are performed.This problem, described in Oracle Bug 8101514, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: Oracle WebLogic Server Diagnostic Framework indexes log files in the background to facilitate accessor queries. With heavy logging activity, this can burden the CPU (up to 100%) even when no accessor queries are performed.This problem, described in Oracle Bug 8195996, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: Oracle WebLogic Server Diagnostic Framework indexes log files in the background to facilitate accessor queries. With heavy logging activity, this can burden the CPU (up to 100%) even when no accessor queries are performed.
Severity: Critical
Rationale: Performance
Description: The Archive component of the Oracle WebLogic Diagnostic Framework (WLDF) captures and persists data events, log records, and metrics. WLDF can be configured to archive diagnostic data to a file store or a Java Database Connectivity (JDBC) data source. When using a JDBC archive for WLDF, Oracle WebLogic Server issues a full table select against each of the archive tables when starting the server. In a large database, issuing full selects when the server starts can delay the startup time and add large memory overhead to the server at runtime. You may use a file-based archive as a workaround. Oracle Bug 8143627 changes the behavior of Oracle WebLogic Server to verify that the table and columns exist, but not return any results.
Severity: Critical
Rationale: Administration
Description: The Archive component of the Oracle WebLogic Diagnostic Framework (WLDF) captures and persists all data events, log records, and metrics collected by WLDF from server instances and the applications running on them. WLDF can be configured to archive diagnostic data to a file store or a Java Database Connectivity (JDBC) data source. When using the JDBC archive for WLDF, Oracle WebLogic Server issues a full table select against each of the archive tables when starting the server. In a large database, a full select when the server starts can delay the startup time and add runtime memory overhead. You may use a file-based archive as a workaround. The problem, described in Oracle Bug 8143627, is fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: Integration EJBs are dependent on the libraries that are configured in the integration server's classpath. These are not accessible from Oracle Workshop for Oracle WebLogic Server space causing Browse Server EJBs not to list the deployed EJBs successfully, when invoked against Oracle WebLogic Integration.
Severity: Warning
Rationale: Development
Description: Integration EJBs are dependent on the libraries that are configured in the integration server's classpath. These are not accessible from Oracle Workshop for Oracle WebLogic Server space causing Browse Server EJBs not to list the deployed EJBs successfully, when invoked against Oracle WebLogic Integration.This problem, described in Oracle Bug 8111430, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Development
Description: If you use the Oracle WebLogic Scripting Tool (WLST) offline to generate a JMS module descriptor, you may not be able to set certain JMS Connection Factory Boolean parameters to "false" (for example: LoadBalancingParams "load balancing" and "Server affinity" attributes).The Java default of "false" for these Booleans is used by the WebLogic Scripting Tool (WLST)offline. When you attempt to set these to "false," WLST interprets that setting as redundant and does not persist the values to the JMS module descriptor.Workaround:Use WLST offline to create the JMS module descriptor, then edit these Boolean attribute values manually or using the Administration Console.
Severity: Minor Warning
Rationale: Administration
Description: The Oracle WebLogic Scripting Tool configToScript() generates invalid *.py files. The problem is in mixing Distributed Queues and Topics. At the moment the script is supposed to create Distributed Queue member, it callscmo.lookupDistributedTopicMember(beanName) and cmo.createDistributedTopicMember(beanName) instead of cmo.lookupDistributedQueue(beanName) and cmo.createDistributedQueue(beanName).
Severity: Minor Warning
Rationale: Administration
Description: WLST (Oracle WebLogic Scripting Tool) Config2Script does not handle Library Deployments.
Severity: Minor Warning
Rationale: Administration
Description: WLST (Oracle WebLogic Scripting Tool) Config2Script does not handle Library Deployments.This problem, described in Oracle Bug 8137428, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Administration
Description: WLST (Oracle WebLogic Scripting Tool) configToScript command is missing information about server debug configuration (denoted in <server-debug>).
Severity: Minor Warning
Rationale: Administration
Description: In Oracle WebLogic Server 9.0 and 9.1, the compatibility-m-bean-server-enabled attribute in the config.xml file is set to false by default. The purpose of this attribute is to prevent JMX clients from using the deprecated MBeanHome interface. However, when you use the Oracle WebLogic Scripting Tool (WLST) to connect to a server, WLST throws a connection error. This error does not occur when the compatibility MBean attribute is set to true.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Patches are required for Oracle WebLogic Server, Workshop and Portal for development with Oracle WebLogic Integration. These are supplied and can be installed during the WebLogic Server 9.2 product installation process. Either the mandatory patches were not installed during product installation, or the patches were not initialized.
Severity: Warning
Rationale: Development
Description: A SOAP message that includes a Web Services Security (WSSE) header is not working. The CERT included in the message is the "public" part of the key pair, as shown in the following example<wsse:Securityxmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";soapenv:mustUnderstand="1"> <wsse:BinarySecurityTokenxmlns:wsu= ... </wsse:BinarySecurityToken> <xenc:EncryptedKey> <xenc:EncryptionMethodAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5";></xenc:EncryptionMethod> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <wsse:SecurityTokenReference> <wsse:Reference URI="#EncCertId-1050691"ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf#X509v3";> </wsse:Reference> ...
Severity: Warning
Rationale: Administration
Description: A SOAP message that includes a Web Service Security (WSSE) header is not working. The CERT included in the message is the "public" part of the key pair. This problem, described in Oracle Bug 8057519, has been fixed in Oracle WebLogic Server 9.1.
Severity: Minor Warning
Rationale: Administration
Description: For example, create the following Web service:@WebServicepublic class T_WrapperTest { static final long serialVersionUID = 1L; @WebMethod public void hello(Integer i) { }}Generate the Web Services Definition Language (WSDL) for the Web service. Delete the Web service and regenerate the Web service from the WSDL file. The argument of method "hello" is "int" instead of "Integer". This is happens for other wrapper classes as well.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The document message style is generating correct type (9.0), while RPC message style still generates per release 8.1.Errors found in the following types:anyURI : generate String : expected java.net.URIDuration : generate com.bea.xml.GDuration : expected StringGYearMonth : generate java.util.Calendar : expected StringGYear : generate java.util.Calendar : expected StringGMonthDay : generate java.util.Calendar : expected StringGDay : generate java.util.Calendar : expected StringGMonth : generate java.util.Calendar : expected String
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When invoking a Web service using one of the policy methods (prepackaged Policy Auth.xml) and using the Work Context API to propagate data across the Web service call, the Web service call fails. The WorkAreaClientHandler is added to the HandlerChain twice, thus setting the WorkArea Header twice and causing a duplicate header fault.
Severity: Warning
Rationale: Development
Description: When invoking a Web Service using one of the policy methods (prepackaged Policy Auth.xml) and using the Work Context API to propagate data across the Web service call, the Web service call fails. The WorkAreaClientHandler is added to the HandlerChain twice, thus setting the WorkArea Header twice and causing a duplicate header fault.This problem, described in Oracle Bug 8121485, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Development
Description: Oracle WebLogic Server Administration Console running Oracle WebLogic Tuxedo Connector (WTC) does not allow the creation of more than three Remote Access Points to Tuxedo. Adding more than three connections will typically fail with the error displaying in the Oracle WebLogic Server server log file:Could not create a TDMImport Remote access point cannot have more than three elements.
Severity: Minor Warning
Rationale: Administration
Description: Oracle WebLogic Tuxedo Connector cannot re-establish the connection to one or more remote Tuxedo domains if there is a network problem between the local domain and the remote Tuxedo domain(s). This problem disappears once the remote Tuxedo GWTDOMAIN gateway starts responding to the session negotiation protocol exchange.
Severity: Warning
Rationale: Subsystem Outage
Description: If a complete tBridge configuration includes the following:* one tBridge Global* one or more tBridge RedirectWTCtBridgeGlobal on a targeted WTC server cannot be activated when created or modified.
Severity: Minor Warning
Rationale: Administration
Description: Internet Explorer 6 has trouble parsing the fr.js resource file with a few special characters. The result is an incidental removal of quotes, causing the file to be unusable. With a non-US English browser, the WYSIWYG editor does not work because you cannot save files.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: Internet Explorer 6 encounters issues when parsing the fr.js resource file with a few special characters. The result is an incidental removal of quotes, causing the file to be unusable. With a non-US English browser, the WYSIWYG editor does not work, and you cannot save files.This problem, described in Oracle Bug 8103801, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.
Severity: Minor Warning
Rationale: Administration
Description: In the Oracle WebLogic Server console, the value of "Waiting For Connection Success Total" JDBC Connection pool monitoring is incorrect. Even when there are no waiters connection, "Waiting For Connection Success Total" count increases.This problem, described in Oracle Bug 8125231, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Watch alarms are not re-evaluated after automatic reset.
Severity: Minor Warning
Rationale: Administration
Description: Watch alarms are not re-evaluated after automatic reset.This problem, described in Oracle Bug 8110681, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Monitoring=>Web Applications tab of a webapp module of an enterprise application shows all the web applications present in that enterprise application.Same thing happens under Monitoring => servlets tab. It shows all the servlets present in the application.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: A Web service client makes a connect() call multiple times before throwing a SOAPFaultException when a destination host is unreachable or down. Because the Web service client makes the connect() call many times before it reports the SOAPFaultException, it takes a longer time to get the SOAPFaultException.
Severity: Warning
Rationale: Performance
Description: A Web service client makes a connect() call multiple times before throwing a SOAPFaultException when a destination host is unreachable or down. Because the Web service client makes the connect() call many times before it reports the SOAPFaultException, it takes a longer time to get the SOAPFaultException.This problem, described in Oracle Bug 8164881, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Performance
Description: A NullPointerException error is thrown in the WLS client if the wsdl:fault has soap:body as element. For example, using the soap:body element in the following Web Service Definition Language (WSDL) results in errors:<wsdl:fault name="ioprTBESTANDException"> <soap:body use="literal" /></wsdl:fault>However, using the soap:fault element as shown in the following Web Service Definition Language (WSDL) works correctly:<wsdl:fault name="ioprTBESTANDException"> <soap:fault use="literal" /></wsdl:fault>
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: If a Web application does not read the POST data when Keep-Alive is disabled, Oracle WebLogic Server closes the socket without draining the socket input stream. This can cause an RST packet to be sent to a client.This problem, described in Oracle Bug 8097655, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When using a security policy with an abstract Identity assertion (for example, in the default Auth.xml file), the X509 token is included as a supported identity token regardless of whether or not the UseX509ForIdentity attribute has been enabled on the WebServiceSecurity MBean.
Severity: Warning
Rationale: Not Complying with Specifications
Description: Web services invoked through a JMS transport may change any non-ASCII data in the request or its attachments.
Severity: Minor Warning
Rationale: Subsystem Outage
Description: When a web service client tries to use HTTPS to access a web service that only supports the HTTP protocol, an "Invalid/unknown SSL header was received" error occurs.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: If the <mime-type> attribute contains a plus symbol ('+'), it causes the web.xml schema validation to fail. For example, the following attribute would cause a failure:"<mime-type>image/svg+xml</mime-type>"This failure occurs because Oracle WebLogic Server 9.1 validates the web.xml schema internally by means of the original web-app_2_4.xsd schema. This schema had a defect, which has subsequently been corrected. The original schema used the <mime-type> regular expression as follows:[\p{L}\-\p{Nd}]+/[\p{L}\-\p{Nd}\.]+This error has been corrected, and the Sun XSD schema has been subsequently updated, and Oracle WebLogic Server 9.2 now uses this corrected schema.
Severity: Minor Warning
Rationale: Development
Description: WebLogic.net.http.HttpURLConnection may cause failures when KeepAlive is used. A Web Service is deployed on Oracle WebLogic Server 9.2, and this Web Service is called every 10 seconds from a JAX-WS client deployed on another Oracle WebLogic Server 9.2 server. Both servers are separated by an Apache 2.2.3 forward and reverse proxy, as follows:Oracle WebLogic Server 9.2 - > Apache 2.2.3 - > Oracle WebLogic Server 9.2 (JAX-WS Web Service client) (forward and reverse proxy) (hosting Web Service). This problem, Oracle Bug 8164650, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: WebLogic.net.http.HttpURLConnection may cause failures when KeepAlive is used. This can occur in the following scenario: A Web service is deployed on Oracle WebLogic Server 9.2, and the Service is called every 10 seconds from a JAX-WS client deployed on another Oracle WebLogic Server 9.2 server. Both servers are separated by an Apache 2.2.3 forward and reverse proxy, as follows: The JAX-WS client uses weblogic.net.http.HttpURLConnection to call the Web service. The response from the Oracle WebLogic Server 9.2 Web service arrives with chunked encoding; but, at the receiving end, the Oracle WebLogic Server HttpURLConnection fails to strip the chunk internal information and sends a corrupted InputStream to JAX-WS, causing a parsing failure.
Severity: Critical
Rationale: Not Complying with Specifications
Description: When you create an XMLBeans-based Web service, the XMLBeans are built from an XSD. The Web Service compiles fine and the resulting application deploys successfully. You can retrieve the Web Service Definition Language (WSDL) for the Web service. However, when you request the Web Service test page, you will get the following runtime exception and the message provided below is displayed in the browser:http://nnn.nnn.nnn.nnn:7001/WebserviceWeb/availabilitymanagerservices/WSGet_OTA_LowFareSearchV1?WSDL failed due to weblogic.testclient.WsdlParseFailedException: Could not find schema for namespace ..Here is what you see in the stdout of the server:java.lang.RuntimeException: weblogic.testclient.WsdlParseFailedException:Could not find schema for name space.
Severity: Warning
Rationale: Administration
Description: A NullPointerException error is thrown in the Oracle WebLogic Server client if the wsdl:fault has soap:body as element. For example, using the soap:body element in the following Web Service Definition Language (WSDL) results in errors:<wsdl:fault name="ioprTBESTANDException"> <soap:body use="literal" /></wsdl:fault>However, using the soap:fault element as shown in the following Web Service Definition Language (WSDL) works correctly:<wsdl:fault name="ioprTBESTANDException"> <soap:fault use="literal" /></wsdl:fault>This problem, described in Oracle Bug 8114574, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: For Oracle WebLogic SIP Server 3.0, when ACK request send via an external SIP container other than Oracle WebLogic Server SIP Server, doAck is not called.The routing of ACK should be correctly processed if the Contact header of 2xx response is set to Request-URI, but it is failing in the above scenario.If WebSphere B2BUA replaces with Oracle WebLogic SIP Server, doAck is called correctly.
Severity: Warning
Rationale: Not Complying with Specifications
Description: When using a Request Dispatcher to forward the request to a different context, request.getContextPath() returns a malformed context path.This problem, described in Oracle Bug 8111076, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: When using Oracle WebLogic Server 9.x jwsc-generated Web Service Description Language in Oracle WebLogic Server 8.1, these two issues must be addressed:1. The XML namespaces used for the complex types for the input parameter type and the return type were not imported first using xs:import. The Oracle WebLogic Server 8.1 clientgen requires these namespaces to be imported; otherwise Oracle WebLogic Server 8.1 clientgen fails.2. If an input parameter type and the return type have the same name, message parts are created that are named the same across both the request message and the response message for the same operation and 8.1 clientgen fail will fail. The problem, described in Oracle Bug 8112794, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Warning
Rationale: Administration
Description: When using Oracle WebLogic Server 9.x jwsc-generated Web Service Description Language in Oracle WebLogic Server 8.1, the following two issues occurred: 1.The XML namespaces used for the complex types for the input parameter type and the return type were not imported first using xs:import. The Oracle WebLogic Server 8.1 clientgen requires these namespaces to be imported; otherwise Oracle WebLogic Server 8.1 clientgen fails. 2.The foo property on both the input parameter type and the return type creates message parts that are named the same across both the request message and the response message for the same operation.Oracle Bug 8112794 has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Administration
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP2 and higher is required for Oracle JRockit 1.4.2_03 through 1.4.2_11
Severity: Warning
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
Description: The users in the Administration Console (Security Realms > myrealm > Users and Groups) are not visible when Oracle JRockit R27.4.0 is used. However, this is not the case with previous Oracle JRockit versions.
Severity: Warning
Rationale: Administration
Description: If a Work Manager is defined as a system resource that controls the behavior of Message-Driven Beans, these MDBs do not pick up the Work Manager settings correctly when a server is restarted. As a result, they uses the default (local) Work Manager instead.
Severity: Warning
Rationale: Administration
Description: If you are using ALBPM 6.0.4 on Oracle WebLogic Server 9.2.x, and if you have ALBPM processes that contain Global Automatic Activities, then these Global Automatic Activities listen to JMS queues for messages. In ALBPM 6.x implementation, the engine implements this type of Global Automatic Activity by scheduling a work item with the WorkManager (default or custom). The WorkManager runs the work item in one of its threads. The work item, when executed, dynamically creates a JMS queue consumer that represents a Global Automatic Activity. The issue is that you may not notice any consumers on some queues after server start up.
Severity: Critical
Rationale: Server Outage
Description: If a Web application (.war) is deployed through the Administration Console, the following exception occurs. However, the application can be deployed successfully using WebLogic Scripting Tool (WLST).Error opening /jsp/app/install/Identity.jsp.The source of this error is javax.servlet.ServletException:javax.xml.transform.TransformerException:com.sun.org.apache.xml.internal.utils.WrappedRuntimeException: Element type"input" must be followed by either attribute specifications, ">" or "/>". atweblogic.servlet.jsp.PageContextImpl.handlePageException(PageContextImpl.java:409)at jsp_servlet._jsp._app._install.__identity._jspService(__identity.java:163)at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)...
Severity: Minor Warning
Rationale: Administration
Description: When trying to update a valid XML Schema in the Resource Browser, sometimes a "java.lang.StackOverflowError" is thrown.For example, importing a "sbconfig.jar" file into Oracle Service Bus works fine. Opening a schema file in edit mode and trying to save it, without even modifying it, throws an exception like the following:Message Exception encountered.Type java.lang.StackOverflowErrorThis occurs in the case of schema file names that have more than one "." character.This has been observed in Oracle Service Bus 2.5 and 2.6. Oracle Bug 8108623 fixes this issue and a patch from Oracle Bug 8108623 is readily available for Oracle Service Bus 2.5.
Severity: Warning
Rationale: Administration
Description: The problem appears to occur only when a Web Service Definition Language (WSDL) schema type extends another. Only the element content is missing. Attribute inheritance appears to work fine.For example <xs:complexType name="FreeTextType"> <xs:simpleContent> <xs:extension base="xs:string"> <xs:attributeGroup ref="LanguageGroup"/> </xs:extension> </xs:simpleContent> </xs:complexType>... <xs:complexType name="WarningType"> <xs:simpleContent> <xs:extension base="FreeTextType"> <xs:attribute name="Type" type="OTA_CodeType" use="required"/> <xs:attributeGroup ref="ErrorWarningAttributeGroup"/> </xs:extension> </xs:simpleContent> </xs:complexType>If we change the definition of WarningType to eliminate the inheritance from FreeTextType, it works.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The problem occurs when a Web Service Definition Language (WSDL) schema type extends another. The problem, described in Oracle Bug 8091968, has been fixed in Oracle WebLogic Server 9.2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: XQuery transformations (Java to XML and vice-versa) may throw a com.bea.transform.TransformException. This can occur if an array field of "custom type" is present, or if the element "paging" is not recognized by the mapping.
Severity: Critical
Rationale: Subsystem Outage
Description: DuplicateElement exception is raised when an ObjectHolder parameter is set to a specific schema type.Workaround or Solution:Use an XMLBean as a SOAP header. You must create a holder class for the XMLBean and package it in the generated XML bean JAR file. This holder must be in the same root package as XMLBean, and in a holders subpackage, and named <XMLBean Class>Holder, where <XMLBean Class> is the name of the XMLBean class to be passed as the header IN/OUT parameter. Use the holder org.t1M1.tml.tMLTransport.holders.TMLHeaderDocumentHolder for holding org.t1M1.tml.tMLTransport.TMLHeaderDocument. In the JWS (Java Web service) file, use this holder for the header parameter. The holder class is in the format of JAX-RPC holder.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: The DuplicateElement exception is raised when an ObjectHolder parameter is set to a specific schema type.If using XMLBean as a SOAP header, you must create a holder class for the XMLBean and package it in the generated JAR file. The holder class is in the format of JAX-RPC holder.You will see the following in the log when you try to publish the Web service:Caused by: com.bea.xml.XmlException:error: sch-props-correct.2: Duplicate global element:...The problem, described in Oracle Bug 8107438, is fixed in Oracle WebLogic Server 9.2 Maintenance Pack 2.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: Unable to capture diagnostic image with specified lockout minutes.<Aug 18, 2005 5:09:14 AM EDT> <Debug> <DiagnosticImage> <000000> <JVMSource Adding ThreadDump using JRockit Thread MxBean Extension><Aug 18, 2005 5:09:14 AM EDT> <Debug> <DiagnosticImage> <000000> <Added image source JVM to archive:D:\weblogic\dev\src\wls\tools\weblogic\qa\tests\config\DiagnosticsTest\servers\adminServer\logs\diagnostic_images\diagnostic_image_adminServer_2005_08_18_05_09_07.zip in 500 ms.>Throwable(s) reported:java.util.zip.ZipException: Could not find End Of Central Directory at java.util.zip.ZipFile.<init>(Unknown Source) at java.util.zip.ZipFile.<init>(Unknown Source) ...
Severity: Minor Warning
Rationale: Administration
Description: When running Oracle JRockit R27.1.0 with the load environment, the JVM detects a false positive Java-level deadlock, as follows:[deadlocked thread] [ACTIVE] ExecuteThread: '334' for queue:'weblogic.kernel.Default (self-tuning)': - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Thread '[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)'' is waiting to acquire lock'weblogic.messaging.kernel.internal.QueueImpl@43fbf06' that is held by thread'[ACTIVE] ExecuteThread: '334' for queue: 'weblogic.kernel.Default(self-tuning)''After this, the Server state is changed to FAILED. This thread is unblocked already in the next thread dump that is taken automatically by the core health monitoring system.
Severity: Warning
Rationale: Administration
Description: With JRockit R27.4.0, when an Oracle WebLogic Server cluster peer attempts to synchronize with a peer, a java.lang.ClassCastException is raised in DistributedDestinationImpl.java, without a successful cluster peer synchronization.For example, the following stack trace excerpt occurred in an Oracle WebLogic Portal 8.1 Maintenance Pack 3 cluster domain with JRockit 142_15 (R27.4.0) and migratable JMS Servers configured for managed servers. During the start up of managed servers, the following exception was raised:...java.lang.ClassCastException: weblogic.rmi.internal.CBVOutputStream$CBVObjectOutputStream at weblogic.jms.common.DistributedDestinationImpl.writeExternal(DistributedDestinationImpl.java:328) at...
Severity: Warning
Rationale: Administration
Description: In some cases PathPrepend and PathTrim are not properly applied on the backend server when the request is forwarded through Plug-ins while using response.redirectURL() or response.encodeRedirectURL() in the JSPs. PathTrim should be applied only if PathPrepend is undefined or PathPrepend has been applied to the URL on the backend server while calling response.encodeRedirectURL(url) or response.redirectURL(url).
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In some cases PathPrepend and PathTrim are not properly applied on the backend server when the request is forwarded through Plug-ins while using response.redirectURL() or response.encodeRedirectURL() in the JSPs. PathTrim should be applied only if PathPrepend is undefined or PathPrepend has been applied to the URL on the backend server while calling response.encodeRedirectURL(url) or response.redirectURL(url).This problem, described in Oracle Bug 8095189, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 1.
Severity: Minor Warning
Rationale: User Viewable Errors
Description: In case of Authetication failure, for a SOAP 1.2 based Web service , the SOAP fault does not contain the expected content-type of application/soap+xml.The stack trace generated is as follows:javax.xml.soap.SOAPException: Unsupported Content-Type: text/xml at weblogic.xml.saaj.SOAPMessageImpl.constructMessage(SOAPMessageImpl.java:225) at weblogic.xml.saaj.SOAPMessageImpl.<init>(SOAPMessageImpl.java:149) at weblogic.xml.saaj.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:79) at weblogic.xml.saaj.MessageFactoryImpl.createMessage(MessageFactoryImpl.java:60) at weblogic.wsee.connection.soap.SoapClientConnection.createSOAPMessage(SoapClientConnection.java:128) Truncated.
Severity: Minor Warning
Rationale: Not Complying with Specifications
Description: In case of Authetication failure, for a SOAP 1.2 based Web Service, the SOAP fault does not contain the expected Content-Type of application/soap+xml.The stack trace generated is as follows:javax.xml.soap.SOAPException: Unsupported Content-Type: text/xml at weblogic.xml.saaj.SOAPMessageImpl.constructMessage(SOAPMessageImpl.java:225)...This problem, described in Oracle Bug 8163822, has been fixed in Oracle WebLogic Server 9.2 Maintenance Pack 3.
Severity: Minor Warning
Rationale: Not Complying with Specifications
The compliance rules for the Rules For Potential Wls V10 Problems Which May Result In System Outages Or Downtime standard follow.
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>Will see a StackOverflowError in the logs as a symptom of this problem.
Severity: Critical
Rationale: Server Outage
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException can occur.
Severity: Critical
Rationale: Server Outage
Description: For Oracle WebLogic Server 10.0 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.
Severity: Critical
Rationale: Server Outage
Description: In some circumstances, SSL clients that run outside the server environment may not find all possible ciphers with which to construct the list of potential SSL cipher suites resulting in use of the default null cipher (no encryption).This advisory corrects this issue by supplying jars and instructions to ensure all cipher suites are found.
Severity: Critical
Rationale: Server Outage
Description: An attacker could obtain and exploit information that is not encrypted when a null cipher suite is in use. Under certain circumstances, when a client does not offer support for any of the cipher suites available in the server, then the server may select a cipher suite that uses a null cipher; this may result in SSL communication that is not encrypted.This advisory corrects this issue by logging a message when null cipher is in use and also provides administrators the ability to disable the use of null ciphers during SSL communications with SSL clients.
Severity: Critical
Rationale: Server Outage
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: An attacker can spoof certain information in a request header that can lead to possibly getting access to application servlets that rely on this information for authentication.This advisory corrects this issue by ensuring that the header information is properly handled before passing it to the servlet.
Severity: Critical
Rationale: Administration
Description: WebLogic security policies can be configured to restrict the access to a JMS destination. If an application user does not have the "receive" permission to a JMS destination (queue/topic), an attempt to receive messages from that destination by the application should fail with security errors. By exploiting this vulnerability, an unauthorized user may be able to receive messages from a standalone (physical) JMS Topic destination or a member of a secured Distributed Topic member destination.This advisory resolves this issue by checking permissions before allowing a subscriber to use a durable subscription.
Severity: Critical
Rationale: Administration
Description: The distributed queue feature in Oracle WebLogic Server JMS provides higher availability in a clustered environment. If a JMS client sends a message to a distributed queue and encounters a problem with one member of that distributed queue (the member is down, the member exceeds its quota, access denied, etc), internally the JMS subsystem will retry another member of the same distributed destination. In certain configurations, an unauthorized user is able to send messages to a secure distributed queue.This advisory corrects the problem and ensures that the correct user identity is maintained.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Background: Cross-Site Scripting (XSS) vulnerabilities are well documented in the industry. An XSS vulnerability requires three parties:Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: In order to exploit this vulnerability, an attacker must have access to the server's console login page and have a non-administrator user account on that server. A session fixation vulnerability exists which can result in elevation of the attacker's privileges. For more information about Session Fixation attacks, see:http://en.wikipedia.org/wiki/Session_fixationThis advisory corrects this issue by always regenerating an auth cookie on login.
Severity: Critical
Rationale: Administration
Description: In order to avoid brute-force credential attacks, Oracle WebLogic Server has a mechanism that locks the corresponding user account after a certain number of invalid login attempts. By default, the account is locked after 5 invalid login attempts and remains locked for 30 minutes.Even after a user has been locked out, logon requests to certain carefully constructed URLs can still give hints as to whether the password is correct or not. This allows a sophisticated attacker to successfully run a brute-force password attack, a dictionary attack, or other similar attacks.The patch associated with this advisory corrects the problem. All sites that use servlets are vulnerable to this problem.
Severity: Critical
Rationale: Administration
Description: An attacker can use a carefully constructed URL to cause BEA's proxy plugin to crash the Sun, IIS or Apache web server process. On re-start, this may cause in-flight requests to be lost. This can cause a temporary denial of service. This attack can be exploited remotely, and the attacker does not need any authentication.This advisory resolves the issue in the plugin by correctly handling URLs.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Caution About Existing Samples:Our samples are intended to provide a simple tutorial regarding a few specific features. They are not comprehensive guides to best practices. Many of them omit the use of the Utils.encodeXSS() method or other XSS preventative techniques in needed places and are hence vulnerable to XSS attacks.
Severity: Critical
Rationale: Administration
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the WebLogic console or server log.
Severity: Critical
Rationale: Administration
Description: Information disclosure vulnerability in WebLogic Server plug-ins for Apache, Sun, and IIS Web servers.
Severity: Critical
Rationale: Administration
Description: Information disclosure in JSP pages.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerabilities in the UDDI Explorer.
Severity: Critical
Rationale: Administration
Description: Denial-of-Service vulnerability in WebLogic Server.
Severity: Critical
Rationale: Server Outage
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Recently, an exploit has been made public which may impact the availability, confidentiality, or integrity of WebLogic Server applications that use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication (that is, it may be exploited over a network without the need for a username and password).
Severity: Critical
Rationale: Server Outage
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1SP3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1SP3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS, respectively. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in Oracle WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Server may allow access to source code of web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.0. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: When using Oracle WebLogic Server 10.0 and JMS operations, a deadlock occurs when trying to reconnect with an Oracle WebLogic Server 8.1 SP5 server that has gone down.Found one Java-level deadlock:'weblogic.timers.TimerThread': waiting to lock monitor 0x00000001012cdbe0 (object 0xffffffff23111248, a java.lang.Object), which is held by '[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'''[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'': waiting to lock monitor 0x00000001002d26f8 (object 0xffffffff13ca1368, a weblogic.timers.internal.TimerThread), which is held by 'weblogic.timers.TimerThread'
Severity: Critical
Rationale: Subsystem Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: SAF is discarding messages causing message loss.
Severity: Critical
Rationale: Administration
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Sessions are lost after configuring SAML with two domains (Oracle WebLogic Server 10.0) running on one system.It is a SAML requirement to set all Web application cookie names to the default (JSESSIONID). With this setting, the client browser can differentiate cookies originating from different domains only if the IPAddress or hostname of the SAML source and destination domain are not the same.
Severity: Critical
Rationale: User Viewable Errors
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: A system OutofMemory error can occur if you use Oracle WebLogic Server Administration Console to export or import a large JMS queue.
Severity: Critical
Rationale: Server Outage
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
The compliance rules for the Rules For Potential Wls V11 Problems Which May Result In System Outages Or Downtime standard follow.
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>Will see a StackOverflowError in the logs as a symptom of this problem.
Severity: Critical
Rationale: Server Outage
Description: For Oracle WebLogic Server 10.3 with EJB3.0, an ApplicationException occurs. Annotation does not work with unchecked exceptions.
Severity: Critical
Rationale: Server Outage
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS, respectively. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Under certain circumstances security policies may not be enforced for web services.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in Oracle WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Server may allow access to source code of web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: WebLogic Server web services security was strengthened.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 10.3. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Development
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: When generating a webservice using JAX-RPC 1.1 with document style from a Web Service Definition Language (WSDL) file, the customer is getting the following error: [jwsc] [ERROR] - A document style operation must not have a non header INOUT or OUT Parameter.
Severity: Critical
Rationale: Development
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: When a Web Service uses inner classes as data types to a web method the resulting types are incorrect in the Web Service Definition Language (WSDL) produced by JWSC.
Severity: Critical
Rationale: Server Outage
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: The application fails when being accessed at first. Once Oracle WebLogic Server is rebooted, the server can be accessed successfully. ParseException occurs while deploying an EAR that has a Kodo connector.
Severity: Critical
Rationale: Server Outage
Description: SAF is discarding messages causing message loss.
Severity: Critical
Rationale: Administration
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
Description: If you are using ALBPM 6.0.4 on Oracle WebLogic Server 10.3, and if you have ALBPM processes that contain Global Automatic Activities, then these Global Automatic Activities listen to JMS queues for messages.In ALBPM 6.x implementation, the engine implements this type of Global Automatic Activity by scheduling a work item with the WorkManager (default or custom). The WorkManager runs the work item in one of its threads. The work item, when executed, dynamically creates a JMS queue consumer that represents a Global Automatic Activity.The issue is that you may not notice any consumers on some queues after server start up.
Severity: Critical
Rationale: Server Outage
The compliance rules for the Rules For Potential Wls V9 Problems Which May Result In System Outages Or Downtime standard follow.
Description: Cannot display the JNDI tree on the Oracle WebLogic Server console on a managed server. It seems that the problem is caused by an empty <jndi-name> tag, which was accidentally added in the datasource configuration file.<jdbc-data-source-params> <jndi-name>dsGestionRepresentations</jndi-name> <jndi-name></jndi-name><global-transactions-protocol>TwoPhaseCommit</global-transactions-protocol></jdbc-data-source-params>When reading the tree a java.lang.StackOverflowError appears in the logs.
Severity: Critical
Rationale: Server Outage
Description: When using the -Dweblogic.iiop.useJavaSerialization flag in a call over IIOP, an org.hibernate.LazyInitializationException occurs.
Severity: Critical
Rationale: Server Outage
Description: Oracle WebLogic Server was creating multiple EJBTimerRuntimeMBeans with the same name. As a result of the duplicate names, subsequent EJBTimerRuntimeMBeans with the same name failed to register or unregister. The following AssertionError appears in the server logs with message BEA-080004:An error was thrown by the RMI server:weblogic.management.remote.iiop.IIOPServerImpl.newClient(Ljava.lang.Object;) java.lang.AssertionError: Registered more than one instance with the same objectName :com.bea:ServerRuntime=myserver,Name=MedRecSessionBean,ApplicationRuntime=medrecapp, Type=EJBTimerRuntime, EJBComponentRuntime=MedRecSessionBeanWorkaround or Solution:Oracle WebLogic Server now uses unique names for the EJBTimerRuntimeMBean.
Severity: Critical
Rationale: Administration
Description: Any site that is running untrusted application code is susceptible to this vulnerability.Application code (for example, EJBs or servlets) can be coded in such a way so as to allow it to decrypt encrypted passwords on the server.This patch resolves the issue by protecting the code to disallow application access. Even after installing this patch, to optimize security Oracle recommends that application code should be inspected for suspicious code before being installed on the server.
Severity: Critical
Rationale: Administration
Description: Newly configured security providers appear to be active despite the fact that the server will not use them until after a server restart. After configuring a new security provider, it may appear that the provider is active before a server restart, as no indication is given that the server is still using the security providers from the last restart. This may lead an administrator to delete or add users, and delete or add security policies to the new provider. The patch for Security Advisory BEA06-116.00 ensures that the WebLogic Administration Console and WebLogic Scripting Tool properly display a warning that the server must be rebooted before a new security provider becomes active. WebLogic Scripting Tool will now display the correct providers in the runtime tree.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, connection filters may cause server slowdown, which could make the server vulnerable to a denial-of-service attack.
Severity: Critical
Rationale: Performance
Description: When using the WebLogic Server Console to set security policies on JNDI resources, the security policies do not properly protect the JNDI resources.
Severity: Critical
Rationale: Server Outage
Description: All sites that allow untrusted applications to be hosted in the server are vulnerable to this issue.An application hosted in the server can obtain the private keys.This patch resolves the issue by restricting access to the private keys.
Severity: Critical
Rationale: Server Outage
Description: All sites that allow untrusted applications to be hosted in the server are vulnerable to this issue.An application hosted in the server can obtain the private keys.This patch resolves the issue by restricting access to the private keys.
Severity: Critical
Rationale: Server Outage
Description: All sites where administrators have used the WebLogic Server Administration Console to set custom JDBC security policies are vulnerable to this issue. Sites where the console has not been used to set JDBC security policies are not affected.When setting JDBC security policies, the console was not setting them correctly. This could result in those JDBC resources not being properly secured.This patch resolves the issue by correcting how the console sets JDBC security policies.After the patch is applied, all JDBC policies will need to be reviewed to ensure correctness.
Severity: Critical
Rationale: Administration
Description: All sites that that use WebLogic Server HTTP handlers and that host protected Java Web Service (JWS) or web apps are affected by this issue.If access to a protected JWS or web app fails, the username and password used in the access attempt may be logged to the server log. This can result in the password (either valid or invalid) being visible in clear text in the WebLogic Server log.This patch resolves the issue by ensuring that the username and password are removed from the failure message written to the log.
Severity: Critical
Rationale: Server Outage
Description: All sites are vulnerable to this attack.It is possible for a remote user to bind anonymously to the embedded LDAP server and 1) look at user entries (but not attributes) if the schema can be guessed, or 2) launch a denial-of-service attack against the embedded LDAP server by creating many connections to the LDAP server.The patch for Security Advisory BEA06-81.02 resolves the issue by adding an attribute to restrict anonymous bind. After applying this patch and rebooting, anonymous bind will be restricted by default.
Severity: Critical
Rationale: Administration
Description: All sites with JDBCDataSourceFactory MBeans that use the Properties attribute to store a password are vulnerable to this issue.A password entered in the JDBCDataSourceFactory MBean Properties was not being removed and encrypted in the Password attribute. This behavior allowed an administrator to view the password in clear text.This patch resolves the issue by ensuring that a password entered in the JDBCDataSourceFactory MBean Properties attribute is properly protected.
Severity: Critical
Rationale: Administration
Description: This vulnerability can occur in WebLogic clients using Web Services Security (WSSE). In special circumstances an attacker may be able to mount a man-in-the-middle attack.This patch corrects validation to prevent this attack.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: The Web Services Security (WSSE) runtime may fail to enforce the use of a credential configured for decrypting messages sent by a client. In specific circumstances a malicious remote client may be able to exploit this vulnerability and bypass the application configured security. Patches are available to enforce proper validation by the WSSE runtime.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: This vulnerability may occur in a transactional Message Driven Bean (MDB) using EJB container persistence. Some of the persistence operations can be called with an administrative identity. This issue only occurs when using the WebLogic Server 6.1 compatibility realm.This advisory resolves the issue by enforcing the execution of these operations with the proper identity.
Severity: Critical
Rationale: Administration
Description: A vulnerability has been found in WebLogic Server in which a security policy created via the console on an EJB method with array parameters may not be enforced. An attacker could exploit this vulnerability to gain unauthorized access to these particularly defined EJB methods.This advisory resolves the issue by properly enforcing EJB security restrictions.
Severity: Critical
Rationale: Administration
Description: Under certain circumstances, the WebLogic Server proxy plug-in for Apache web server may not properly handle a protocol error. As a result, the proxy plug-in could cause the Apache server to fail or to mark back-end WebLogic servers as unavailable. Open sessions may fail and applications hosted by back-end WebLogic servers may be unreachable. All applications using the WebLogic Server proxy plug-in on an Apache web server are vulnerable to this.
Severity: Critical
Rationale: User Viewable Errors
Description: An error has been found in the handling of malformed HTTP requests in WebLogic Server. An attacker could exploit this condition to find data involved in previous requests on the server, potentially from other users.This advisory resolves the problem by enforcing proper handling for this type of request.
Severity: Critical
Rationale: Administration
Description: All sites that use admin servers to set security policy for managed servers are vulnerable.In very specific circumstances a policy change made on an admin server for a currently unavailable managed server will never reach the managed server. This is caused by a problem in the handling of the admin server's change log.This would lead to an administrator thinking that the managed server was running with the latest security policies when in fact the managed server might be running with an older set of security policies.This patch resolves the issue by ensuring that security policies will be correctly sent to the managed server.
Severity: Critical
Rationale: Administration
Description: A client can mount a denial of service attack by manipulating socket connections to a WebLogic Server running on Solaris 9. As a result of this attack, the server may not be able to process other valid requests. This advisory resolves the issue by closing the bad socket connections.
Severity: Critical
Rationale: Administration
Description: Any sites that use roles and entitlements to manage WebLogic Portal resources are susceptible to this vulnerability. If an administrative user deletes entitlements for a given role other roles entitlements are inadvertently affected.This patch resolves the issue by enforcing proper access restrictions.
Severity: Critical
Rationale: Administration
Description: Sites that operate in an Oracle WebLogic Server clustered environment and use WebLogic Portal entitlements to manage WebLogic Portal resources are susceptible to this vulnerability. If an administrative user changes a WebLogic Portal entitlement policy on a managed server while the Administrative Server is down, the policy change may not be successfully propagated to the other managed servers in the cluster.This patch resolves the issue by preventing entitlement policy changes when the Administration server is down.
Severity: Critical
Rationale: Administration
Description: On specific configurations, the Oracle WebLogic Server embedded LDAP does not limit or audit failed login attempts, and an attacker, inside the firewall, could mount a trial and error attempt to guess the administrator's password. The attacker can also produce a denial of service condition on the LDAP port with the repeated attempts to logon.This advisory resolves this condition by allowing the definition of quotas limiting the usage of the WebLogic Server embedded LDAP. The quotas limit the maximum number of connections, the maximum number of operations per connection, the maximum number of connections per subject, and the maximum number of connections per IP address. In addition, login attempts and information about exceeded quotas are logged.
Severity: Critical
Rationale: Administration
Description: The Administration Console supports the configuration of Web Service security to secure particular web services. Administrators can specify security properties required for a particular web service, including passwords used by credential providers and token handlers. During the creation of the configuration, the console may display these sensitive attributes in clear text. However, these sensitive attributes are correctly encrypted when the configuration is written to disk.A patch is available to correct this issue by updating the Administration Console pages so that Web Service Security credential provider and token handler sensitive properties are not displayed in clear text.
Severity: Critical
Rationale: Administration
Description: The WebLogic configToScript command converts an existing server configuration to an executable WebLogic Scripting Tool script and the resulting script can be used to create a new WebLogic domain. However, the generated script may not encrypt sensitive attributes (in particular, the node manager password) when a new domain is created with the script.A patch is available to allow proper encryption of these sensitive attributes.
Severity: Critical
Rationale: Server Outage
Description: Security advisory BEA07-164.01 contains the corrected remedy for this vulnerability on Oracle WebLogic Server and WebLogic Express 9.1 and 9.0. This advisory supersedes security advisory BEA07-164.00.
Severity: Critical
Rationale: Server Outage
Description: Rich text content in the WebLogic GroupSpace application is susceptible to cross-site scripting (XSS) attacks. Because rich text content in GroupSpace is actually HTML, it is possible for an authenticated user to add malicious JavaScript code that will execute in another users' environment (e.g., browser) when the HTML is rendered.This patch gives administrators a way to prevent this vulnerability by providing a configurable option to turn off the rich text editor and use a plain text editor instead.
Severity: Critical
Rationale: Administration
Description: An authenticated WebLogic Portal administrator or Delegated administrator may cause an inadvertent corruption of a visitor entitlements role when editing the role description if more than 255 characters are entered. This will cause any resources that were protected to no longer be protected. This vulnerability can occur by either editing a role description via the WebLogic Portal Administration Console or through a portal application using the WebLogic Portal APIs.A fix has been provided which prevents the entry of more than 255 characters.
Severity: Critical
Rationale: Administration
Description: WebLogic SSL may verify incorrectly RSA signatures if the RSA public key exponent is 3. An attacker can create certificates with a forged signature that makes the SSL certificate chain to be improperly verified as valid.This advisory corrects this problem by rejecting RSA certificates with a public key exponent of 3.For additional details about this vulnerability, see the link to Mitre in the For More Information section.
Severity: Critical
Rationale: Administration
Description: The WebLogic Workshop Test View may reveal parent directory information to the WebLogic Workshop Directory (wlwdir) when the application is deployed in an exploded format in a development environment. The WebLogic Workshop Test View console should always be disabled in a production environment.WebLogic Integration 9.2 is only susceptible if the application is deployed explicitly in an exploded form. By default, WebLogic Integration 9.2 does not use the exploded deployment model.This patch resolves this problem by preventing users from navigating beyond the corresponding web application directory.
Severity: Critical
Rationale: Administration
Description: The Sun Java Runtime Environment (JRE) contains vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.There were two vulnerabilities related to serialization in the Java Runtime Environment. These vulnerabilities would allow a malicious applet or application to elevate its privileges. Earlier BEA JRockit releases supporting applets may be affected by this issue. The latest version of Oracle JRockit JVM cannot be used to run applets, so it is not affected by this issue.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow while processing GIF images in the Java Runtime Environment may allow a malicious applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the applet. Earlier versions of BEA JRockit supporting applets may be affected by this issue. Newer versions of BEA JRockit cannot be used to run applets.Under special circumstances, a server running BEA JRockit may also be affected if it can receive (through a web upload) a maliciously crafted image and this image is decoded in the server.
Severity: Critical
Rationale: Administration
Description: Java Web Start enables standalone Java applications to be launched from a browser. A vulnerability was reported in Java Web Start that allows a non-trusted application to elevate its privileges. For example, the non-trusted application could read and write local files accessible to the user running the Java Web Start Application. For more information, please contact Oracle Support or visit support.oracle.com.Early releases of BEA JRockit (prior to R26.0) may be affected by this vulnerability and patches are available to correct this problem. The latest releases of BEA JRockit do not ship with Java Web Start and are not affected by this vulnerability.
Severity: Critical
Rationale: Administration
Description: The Sun Java Runtime Environment contains vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.Two buffer overflow conditions have been identified that may allow non-trusted applets to elevate their privileges. For example, an applet might be able to grant itself permission to read and write local files, or execute local applications that are accessible to the user running the non-trusted applet. Earlier versions of BEA JRockit supporting applets may be affected by these issues.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: In some circumstances, SSL clients that run outside the server environment may not find all possible ciphers with which to construct the list of potential SSL cipher suites resulting in use of the default null cipher (no encryption).This advisory corrects this issue by supplying jars and instructions to ensure all cipher suites are found.
Severity: Critical
Rationale: Server Outage
Description: An attacker could obtain and exploit information that is not encrypted when a null cipher suite is in use. Under certain circumstances, when a client does not offer support for any of the cipher suites available in the server, then the server may select a cipher suite that uses a null cipher; this may result in SSL communication that is not encrypted.This advisory corrects this issue by logging a message when null cipher is in use and also provides administrators the ability to disable the use of null ciphers during SSL communications with SSL clients.
Severity: Critical
Rationale: Server Outage
Description: Contact Oracle Support or visit support.oracle.com for the following information:- A JavaDoc defect may lead to the generation of HTML documentation pages with potential cross-site scripting (XSS) vulnerability.- A buffer overflow vulnerability in the JRE image parsing code may allow an untrusted applet or application to elevate its privileges.- A vulnerability in the JRE font parsing code may allow an untrusted applet to elevate its privileges.- The Java XML Digital Signature implementation in JDK and JRE 6 does not securely process XSLT stylesheets in XSLT Transforms in XML Signatures.- A JRE Applet Class Loader security vulnerability may allow an untrusted applet that is loaded from a remote system to circumvent network access.
Severity: Critical
Rationale: Administration
Description: The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. For more information, please contact Oracle Support or visit support.oracle.com.This advisory corrects this issue by supplying patched versions of JRockit.
Severity: Critical
Rationale: Administration
Description: WebLogic HttpClusterServlet or HttpProxyServlet, configured with the "SecureProxy" parameter, may serve external requests to back-end WebLogic servers on behalf of a system identity instead of the proxy's own identity. These external requests may be wrongly granted access to certain administrative resources that are only accessible to an administrator.This advisory resolves the problem by enforcing the use of the proxy identity. The configuration of a proxy has also been enhanced to permit connections using two-way SSL.
Severity: Critical
Rationale: Administration
Description: An attacker can spoof certain information in a request header, which can potentially allow access to application servlets that rely on this information for authentication.This advisory corrects this issue by ensuring that the header information is properly handled before passing it to the servlet.
Severity: Critical
Rationale: Administration
Description: WebLogic security policies can be configured to restrict the access to a JMS destination. If an application user does not have the "receive" permission to a JMS destination (queue/topic), an attempt of receiving messages from that destination by the application should fail with security errors. By exploiting this vulnerability an unauthorized user may be able to receive messages from a standalone (physical) JMS Topic destination or a member of a secured Distributed Topic member destination.This advisory resolves this issue by checking permissions before allowing a subscriber to use a durable subscription.
Severity: Critical
Rationale: Administration
Description: The distributed queue feature in WebLogic JMS provides higher availability in a clustered environment. If a JMS client sends a message to a distributed queue and encounters a problem with one member of that distributed queue (the member is down, the member exceeds its quota, access denied, etc), internally the JMS subsystem will retry another member of the same distributed destination. In certain configurations, an unauthorized user is able to send messages to a secure distributed queue.This advisory corrects the problem and ensures that the correct user identity is maintained.
Severity: Critical
Rationale: Administration
Description: The WebLogic Server Administration Console uses fields contained in a URL to identify which information should be included when displaying information to a user.An attacker may be able to inject JavaScript into the console output.This advisory corrects the cross site scripting issue by sanitizing the output.
Severity: Critical
Rationale: Administration
Description: In order to exploit this vulnerability, an attacker must have access to the server's console login page and have a non-administrator user account on that server. A session fixation vulnerability exists which can result in elevation of the attacker's privileges. For more information about Session Fixation attacks, see:http://en.wikipedia.org/wiki/Session_fixationThis advisory corrects this issue by always regenerating an auth cookie on login.
Severity: Critical
Rationale: Administration
Description: In order to avoid brute-force credential attacks, Oracle WebLogic Server has a mechanism that locks the corresponding user account after a certain number of invalid login attempts. By default, the account is locked after 5 invalid login attempts and remains locked for 30 minutes.Even after a user has been locked out, logon requests to certain carefully constructed URLs can still give hints as to whether the password is correct or not. This allows a sophisticated attacker to successfully run a brute-force password attack, a dictionary attack, or other similar attacks. All sites that use servlets are vulnerable to this problem.The patch associated with this advisory corrects the problem.
Severity: Critical
Rationale: Administration
Description: An attacker can use a carefully constructed URL to cause BEA's proxy plugin to crash the Sun, IIS, or Apache web server process. On re-start, this may cause in-flight requests to be lost. This can cause a temporary denial of service. This attack can be exploited remotely, and the attacker does not require authentication.This advisory resolves the issue in the plugin by correctly handling URLs.
Severity: Critical
Rationale: Administration
Description: This is a combined security advisory. These vulnerabilities are fixed in JRockit R27.5.0. Installers, updates, patches and more information are available at support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Cross-Site Scripting (XSS) vulnerabilityFor more information, see:http://download.oracle.com/docs/cd/E13222_01/wls/docs81/servlet/progtasks.html#160803Caution About Existing Samples:Our samples are intended to provide a simple tutorial regarding a few specific features. They are not comprehensive guides to best practices. Many of them omit the use of the Utils.encodeXSS() method or other XSS preventative techniques in needed places and are hence vulnerable to XSS attacks.
Severity: Critical
Rationale: Administration
Description: Advisory CVE-2009-1006 refers to all the vulnerability fixes that have been made in JRockit for addressing the applicable issues. The applicable advisories include:CVE 2008-5347CVE 2008-5348CVE 2008-5349CVE 2008-5350CVE 2008-5351CVE 2008-5352CVE 2008-5353CVE 2008-5354CVE 2008-5356CVE 2008-5360xFor more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the ForeignJMS component.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerability in the Console/WLST.
Severity: Critical
Rationale: Administration
Description: Information Disclosure vulnerability in the WebLogic console or server log.
Severity: Critical
Rationale: Administration
Description: Information disclosure vulnerability in WebLogic Server plug-ins for Apache, Sun, and IIS Web servers.
Severity: Critical
Rationale: Administration
Description: Information disclosure in JSP pages.
Severity: Critical
Rationale: Administration
Description: Elevation of privilege vulnerabilities in the UDDI Explorer.
Severity: Critical
Rationale: Administration
Description: Denial-of-Service vulnerability in WebLogic Server (Oracle WebLogic Server 9.x)
Severity: Critical
Rationale: Server Outage
Description: A vulnerability in the Java Management Extensions (JMX) management agent included in the Java Runtime Environment (JRE) may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on machines other than the one that the applet was downloaded from. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment related to the processing of XML data may allow unauthorized access to certain URL resources (such as some files and web pages) or a Denial of Service (DoS) condition to be created on the system running the JRE.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment with processing XML data may allow an untrusted applet or application that is downloaded from a website unauthorized access to certain URL resources (such as some files and web pages).For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A buffer overflow security vulnerability with the processing of fonts in the Java Runtime Environment (JRE) may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet or application to elevate its privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: A vulnerability in the Java Runtime Environment relating to scripting language support may allow an untrusted applet to access information from another applet.For more information, please contact Oracle Support or visit support.oracle.com.
Severity: Critical
Rationale: Administration
Description: Recently an exploit has been made public which may impact the availability, confidentiality or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication (that is, it may be exploited over a network without the need for a username and password).
Severity: Critical
Rationale: Server Outage
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications which use the Apache web server configured with the WebLogic plug-in for Apache. This vulnerability may be remotely exploitable without authentication, that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: If you configure more than one authorizer (e.g. an XACMLAuthorizer and a DefaultAuthorizer), certain elevation of privileges may occur for some resources.
Severity: Critical
Rationale: Administration
Description: This vulnerability in some NetUI tags may allow an attacker to read unauthorized data.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: Under certain conditions, some applications in admin state may be made available to non admin users.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1 Maintenance Pack 3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1 Maintenance Pack 3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1 Maintenance Pack 3 to a higher version and use auth-method as CLIENT-CERT, some Web applications which were protected in Oracle WebLogic Server 8.1 Maintenance Pack 3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: If you upgrade from Oracle WebLogic Server 8.1SP3 to a higher version and use auth-method as CLIENT-CERT, some web apps which were protected in Oracle WebLogic Server 8.1SP3 may be made available to an invalid user.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS Web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication; that is, it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: Certain circumstances may cause some information disclosure in WebLogic Server JSPs and servlets.
Severity: Critical
Rationale: Subsystem Outage
Description: This vulnerability in WebLogic Console may allow information disclosure and elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in WebLogic Portal may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 JRE/JDK 1.6.0_11. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic 9.0, 9.1 and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: This vulnerability in WebLogic Server may allow elevation of privileges. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability in Oracle WebLogic Server may allow access to source code of Web pages. This may be exploited over a network.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic plug-in for Apache, Sun, or IIS servers, respectively. This vulnerability may be remotely exploitable without authentication. That is. it may be exploited over a network without the need for a username and password.
Severity: Critical
Rationale: Administration
Description: This vulnerability may impact the availability, confidentiality, or integrity of Oracle WebLogic Server applications, which use the Apache, Sun, or IIS web server configured with the WebLogic Server plug-ins for Apache, Sun, or IIS servers, respectively.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit R27.6.3 and earlier JRE and JDK 6, R27.6.3 and earlier JRE and JDK 5.0, R27.6.3 and earlier SDK and JRE 1.4.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for July 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 10.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Portal 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.5.0_19 and 1.6.0_14.Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.0, 9.1, and 9.2. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Server Outage
Description: Oracle has released Critical Patch Updates for October 2009 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: Oracle has released Critical Patch Updates for January 2010 that provide corrective action for potential security vulnerabilities for Oracle JRockit 1.6.0_14, 1.5.0_19 and 1.4.2_21. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle JRockit R27.6.6: JRE/JDK 1.4.2, 5 and 6; R28.0.0, JRE/JDK 5 and 6. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Administration
Description: Oracle has released a Critical Patch Update that provides corrective action for a potential security vulnerability for Oracle WebLogic Server 9.x. Please refer to the Remedy and For More Information sections.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: During high load tests, Muxer threads can become stuck in both managed servers. Thread dumps report stack similar to the following:'ExecuteThread: '2' for queue: 'weblogic.socket.Muxer'' daemon prio=10 tid=00a1eb68 nid=26 lwp_id=332127 in Object.wait() [4fae8000..4fae76f8] at java.lang.Object.wait(Native Method) - waiting on <6df388f8> (a java.lang.Object) at java.lang.Object.wait(Object.java:474) at weblogic.rjvm.RJVMImpl.ensureConnectionEstablished(RJVMImpl.java:317) - locked <6df388f8> (a java.lang.Object) at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:340) ...This issue occurs due to an issue in the servlet code.
Severity: Critical
Rationale: Administration
Description: If you are using Oracle JRockit in conjunction with a native library that relies on OS signals you may experience crashes due to a signal handling conflict between Oracle JRockit and the native library.Dump stack matches known issue:Thread Stack Trace: at pthread_kill+62()@0xb75c00ee at ptSendSignal+34()@0xb71aedc6 at trapiConvertToDeferredSigsegv+199()@0xb719d207 at trapiSigSegvHandler+40()@0xb719d23c at xehInterpretSavedSigaction+219(amqxerrx.c)@0xb72f276b at xehExceptionHandler+543()@0xb72f2b3f at __libc_sigaction+272()@0xb75c2f80Oracle Engineering found this conflict using IBM's MQSeries native drivers, and it may be present in other libraries that rely on native code.
Severity: Critical
Rationale: Server Outage
Description: Java level deadlock between weblogic.deployment.jms.JMSSessionPoolTester and weblogic.deployment.jms.JMSSessionPool reveal in Oracle WebLogic Server Thread dump.
Severity: Critical
Rationale: Server Outage
Description: Deleting a channel used by an RDBMS Event Generator can cause a deadlock in the server.
Severity: Critical
Rationale: Administration
Description: In Oracle WebLogic Server 9.2, a stuck situation can occur between a client and an EJB session. The problem happens if the client application and the EJB are deployed on different JVMs. For a standalone Java the issue can be resolved by using the wlclient.jar on the first order in the Application Classpath. However, for a client application that is running on a different JVM, the Stuck behavior still persists.You could see the following exception:java.rmi.UnmarshalException: Method not found: 'newMethod(Ljava.lang.String;)' at @ weblogic.rmi.internal.MethodDescriptor.getCanonical(MethodDescriptor......
Severity: Critical
Rationale: Server Outage
Description: EJB-based Web Service leaks EJB beans when the message handler throws an exception. If the SOAP message handler encounters any exception, it fails to release the associated service bean from the cache, which will lead to the leak.
Severity: Critical
Rationale: Subsystem Outage
Description: When using the portal visitor tools, portlets residing in entitled portlet categories are still visible to non-entitled users when initially viewing and arranging the portlets. This occurs prior to selecting the "add content" button within the visitor tools.
Severity: Critical
Rationale: Administration
Description: Schema enumeration types are not handled properly in the XBeans used by Oracle WebLogic Integration when generating JAX-RPC style objects from a Web Service Definition Language (WSDL) file. Per the JAX-RPC specifications, the generated JAVA types should not have a default constructor that is public. Since XBeans validate that Java Type objects have a default public constructor before binding them with the XML Schema objects, these special type JAX-RPC Java Objects fail to validate, causing the build error in Oracle WebLogic Integration.Example of a build error:'Type com.frk.middleware.xmlschemas.contactmodifyprofile.v100.ActionType has no default constructor and cannot be unmarshalled from XML.'
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you specify the listen address explicitly, creating or viewing the Event Generator tab in the Oracle WebLogic Integration Console causes a ManagementException and a ConnectException to be thrown. This occurs because the server listens only at the specified address, while the console uses "localhost" to access the server.
Severity: Critical
Rationale: Development
Description: During deployment using DynamicUpdateOperation, Application MBeans are nulled out.Replication Steps:1. After four or five partial builds, Workshop fails to publish. Usually, but not always, the error is related to the fact that the root web application could not be deployed.2. While building the publishing fails.3. Then, as an attempted workaround, the following steps were taken: a. Shutdown server. b. Close Workshop. c. Delete the domain "tmp" folder on the admin server. d. Delete both the apt_src and build folder for the projects. e. Restart Workshop. f. Perform a complete clean up. g. Perform a complete build. h. Restart the server.However, this procedure works sometimes. When it fails, you must repeat steps 3.f and 3.g multiple times.
Severity: Critical
Rationale: Development
Description: A denial-of-service attack is a malicious attempt to overload a server by sending more requests than it can handle, preventing access to a service. Attackers may overload the server by sending huge amounts of data in an HTTP POST method. The client can get an HTTP error code 413 (Request Entity Too Large) or the connection may be broken.Prevent this type of attack by setting the MaxPostSize parameter. This limits the number of bytes of data that can be received in a POST from a single request. (By default, the value for MaxPostSize is -1, i.e. unlimited.) If an attacker sends an HTTP POST that exceeds the limit you specify, it triggers a MaxPostSizeExceeded exception and the server logs a "POST size exceeded the parameter MaxPostSize" message.
Severity: Critical
Rationale: Server Outage
Description: When Hibernate and ehcache are used with Oracle WebLogic Server, the ehcache component writes cached objects to the file system defined by the property java.io.tmpDir. This, in itself, is not an issue. However, when there are two or more managed servers running on each physical server, these managed servers write to the same directory in the file system using the same file names. Consequently, the servers are sharing resources that require explicit locks in order to modify the files, which can result in a deadlock condition.
Severity: Critical
Rationale: Administration
Description: Some customers write their own startup and environment scripts. Sometimes they invert the CLASSPATH order. When this occurs, patches applied with BSU are not active even if Oracle Enterprise Manager detects them. The weblogic_patch.jar must always come before weblogic_sp.jar and weblogic.jar in the classpath.
Severity: Critical
Rationale: Administration
Description: In some cases, Oracle WebLogic Server 9.2 may raise the following exceptions in the Oracle WebLogic Portal running on a managed server:weblogic.management.utils.CreateExceptionnetscape.ldap.LDAPException: error result (68)This is due to a timing issue that can occur between the administration server and the managed server when a security policy is changed - in this case, attempting to create a new role when the role already exists. Oracle WebLogic Server fails to detect the existing role, causing the managed server to attempt to create the duplicate role in the Oracle WebLogic Server embedded LDAP.
Severity: Critical
Rationale: Subsystem Outage
Description: When a Distributed Topic is configured, if a network failure occurs and the Oracle WebLogic Servers lose contact with one another, then the members of the Distributed Destination will not be able to send JMS messages between nodes, even when the network connection has been re-established.
Severity: Critical
Rationale: Subsystem Outage
Description: JMS JDBC store does not recover after database failure and reconnection. It results in the following exception for the affected JMS JDBC Store (Oracle DB):[Store:280065]failed to connect to database (server="XXXXXXXX" store="XXXXXXX" table="Store1WLStore"):(LinkedCause, "weblogic.jdbc.extensions.ConnectionDeadSQLException: weblogic.common.resourcepool.ResourceDeadException: Could not create pool connection. The DBMS driver exception was: Io exception: The Network Adapter could not establish the connection")
Severity: Critical
Rationale: Subsystem Outage
Description: When the JMS Server's BytesHighCount attribute is greater than 50 percent of the JVM's HeapSizeCurrent, and the BytesPagingEnabled and MessagesPagingEnabled attributes are not set, a JMS processing error may have occured or may occur in the future.
Severity: Critical
Rationale: Server Outage
Description: When sending a large number of messages to a JMS queue without any clients to de-queue, Oracle WebLogic Server 9.1 server runs out of memory very quickly.
Severity: Critical
Rationale: Server Outage
Description: When Oracle WebLogic Server Messaging Bridge attempts to send messages from Oracle WebLogic Server to SonicMQ, the send operation fails with the following exception:<Jan 18, 2007 12:36:02 PM CET> <Debug> <MessagingBridgeRuntimeVerbose> <blade179> <online1> <[ACTIVE] ExecuteThread: '3'for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <Oracle1-0135C6595CEBDA119AFB> <> <1169120162762> <000000> <Exception:javax.jms.JMSException: Message Property cannot be set by a JMS client at progress.message.jimpl.JMSExceptionUtil.createJMSException
Severity: Critical
Rationale: Subsystem Outage
Description: If a JSP is included from another JSP, and it is responding to Japanese characters from a client, an infinite loop results that causes high CPU consumption and a stuck thread. The stack trace of the stuck thread is as follows:"[STUCK] ExecuteThread: '0' for queue: 'weblogic.kernel.Default(self-tuning)'" daemon prio=2 tid=0x2b95b530 nid=0xbec runnable [0x2b2df000..0x2b2dfd18] at sun.nio.cs.ext.DoubleByteDecoder.decodeArrayLoop(DoubleByteDecoder.java:94) at sun.nio.cs.ext.DoubleByteDecoder.decodeLoop(DoubleByteDecoder.java:144) at sun.nio.cs.ext.MS932$Decoder.decodeLoop(MS932.java:62) at java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:544) at weblogic.servlet.internal.CharChunkOutput.write(CharChunkOutput.java:107)
Severity: Critical
Rationale: Server Outage
Description: Message Driven Bean (MDB) thread hangs at weblogic.messaging.util.DeliveryList.waitUntilIdle() when using Oracle WebLogic Server 8.1 Threading Model -Dweblogic.Use81StyleExecuteQueues=true.
Severity: Critical
Rationale: Subsystem Outage
Description: On Linux OS i686, when a Managed Server is shut down abruptly by means of the Node Manager, the Managed Server may become defunct. This occurs because the Node Manager ignores the SIGCHLD signal, which is not POSIX-compliant.
Severity: Critical
Rationale: Server Outage
Description: If the Administration Server port has not been enabled for either HTTP or HTTP tunneling, when you start a Managed Server through Node Manager, the server will incorrectly boot in Managed Server Independence mode because it cannot find the Administration Server.
Severity: Critical
Rationale: Server Outage
Description: Memory leak occurs in JMS thin client when running load tests; objects are not being released properly. This causes OutOfMemory errors on both the client and server side.
Severity: Critical
Rationale: Administration
Description: Instances of com.bea.wcp.sip.engine.server.LocalCallStateManager$CallState are not cleaned up when a UA sends a BYE before responding to a re-INVITE.This may occur if a UA hangs up (sends a BYE) before it has sent an OK response to a re-INVITE. Oracle WebLogic SIP Server may erroneously wait forever for the OK. - > INVITE< - 100 Trying< - 180 Ringing< - 200 OK - > ACK< - INVITE - > 100 Trying - > BYE (For ACK)< - 200 OK (For BYE)If the UA sends a BYE before responding to the re-INVITE, these call state instances are never destroyed. Over time, this may causes a memory leak of tens of megabytes.If the 100 Trying is not sent, then the re-INVITE times out with a 408 response; thus, dropping the sessions and not creating a memory leak.
Severity: Critical
Rationale: Server Outage
Description: On an HP-UX platform, when an I/O operation on a File Descriptor is canceled, the socket is not being properly cleaned. This causes a File Descriptor leak, which will eventually result in an OutOfMemoryError.
Severity: Critical
Rationale: Server Outage
Description: Under high load, messages may become stuck in JMS queues. The JMS messages remain in a state of "receive," and the messages are still not delivered to the Error Dest, even after some hours. Upon a server restart, the messages are redelivered successfully.MessagingKernel debug analysis reveals that the messages stuck in the JMS Queue(s) failed to be unacknowledged by Oracle WebLogic Server, with the following error:Debug> <MessagingKernel> <000000> <Error rolling back received message: weblogic.messaging.kernel.KernelException: Message has already been acknowledgedweblogic.messaging.kernel.KernelException: Message has already been acknowledged at weblogic.messaging.kernel.internal.QueueImpl.negativeAcknowledgeInternal(QueueImpl.java:1314)...
Severity: Critical
Rationale: Subsystem Outage
Description: The weblogic.jms.extensions.WLMessageProducer.send(jmsMessage) causes the client application to hang when the following circumstances occur at the same time:* WLMessageProducer.setUnitOfOrder("example1") was set before the application called wlMessageProducer.send(message)* The distributed destination for the message contained DistributedDestinationBean.setUnitOfOrderRouting("PathService") instead of the default "Hash"* An exception occurred when using the path service. This could be attributed to a network problem or the server not being rebooted.
Severity: Critical
Rationale: Subsystem Outage
Description: The following fatal error occurs if the path to the NodeManager libraries is not set prior to starting the NodeManager: <SEVERE> <Fatal error in node manager server> weblogic.nodemanager.common.ConfigException: Native version is enabled but node manager native library could not be loaded at weblogic.nodemanager.server.NMServerConfig.initProcessControl(NMServerConfig.java:212) at weblogic.nodemanager.server.NMServerConfig.<init>(NMServerConfig.java:172)...
Severity: Critical
Rationale: Server Outage
Description: When an interface is not compliant with the implementation classes, Oracle JRockit may crash or throw a NullPointerException. This occurs because Oracle JRockit does not perform verification of implemented interfaces before a call, unless it is started with the option -Xverify:all.Oracle JRockit R24.5.0 and previous versions crash under these conditions. Oracle JRockit R25.2.1-11 and later throw a NullPointerException where an IncompatibleClassChangeError could be expected.
Severity: Critical
Rationale: Server Outage
Description: In Oracle WebLogic Server 9.2, a Web Services client runtime NullPointerException may occur inweblogic.wsee.bind.internal.FormQualifiedHelper.getPropertyForElement(). This can occur if the source Web Service Definition Language (WSDL) contains an anonymous type as a referenced fault element. This same source WSDL works without runtime issues in Oracle WebLogic Server 8.1, Websphere 6.0.2, Websphere 6.1, Artix 4.2, and JBoss 4.0.3.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Oracle JRockit 1.4.2_12 crashed on multiple WLS 8 SP4 servers.Oracle JRockit dump shows the following stack trace:Stack 0: start=0xb7a58000, end=0xb7a9c000, guards=0xb7a5d000 (ok),forbidden=0xb7a5b000Thread Stack Trace: at mmGetObjectSize+8()@0xb7e6b3c8 at findNext+166()@0xb7e9a006 at refIterGetNext+44()@0xb7e9a24c at trMarkRootsForThread+325()@0xb7ea83b5 at mmMarkRootsForThread+44()@0xb7e2cc2c at mmParThreadInspection+45()@0xb7e7794d at tsDoGCInspectionForAllThreads+37()@0xb7ed8555 at mmParMark+118()@0xb7e77d16 at mmGCMainLoop+1074()@0xb7d73722 at tsiCallStartFunction+81()@0xb7e1ac81 at tsiThreadStub+126()@0xb7e1bd1e at ptiThreadStub+18()@0xb7e840d2 at start_thread+129()@0x9e6371 at clone+94()@0x88e9be - Java stack -
Severity: Critical
Rationale: Server Outage
Description: When using Oracle JRockit 1.5.0_04 in a Oracle WebLogic Server domain with RFID Enterprise 2.0, the server may hang during startup. This problem with slow startup occurs only if the default Java heap settings have been modified (for example, when specifying a setting such as -Xmx1024mb). If the heap settings have been modified, up to 99 percent of the CPU memory may be utilized during startup.This problem does not happen with Oracle JRockit 1.5.0_06.
Severity: Critical
Rationale: Server Outage
Description: Sometimes, calling inflate on a closed Inflater results in Oracle JRockit crashing, creating a core file. It can occur with Oracle JRockit R27.3.1.The relevant stack trace will be similar to the following:Thread Stack Trace: at inflate+73()@0x000000001027C409 at RJNI_java_util_zip_Inflater_inflateFast+90()@0x000000001020162A - Java stack - at java/util/zip/Inflater.inflateFast(JJIJI)I(Native Method) at java/util/zip/Inflater.inflateBytes(Inflater.java:354) at java/util/zip/Inflater.inflate(Inflater.java:216)
Severity: Critical
Rationale: Administration
Description: In Oracle Service Bus, stuck threads can occur when processing xQueries, when CachingFactory.createEnginge() performs a HashMap.getEntry().
Severity: Critical
Rationale: Server Outage
Description: Oracle WebLogic Integration 9.2 runs out of Java heap memory, which results in an Out of Memory error in the Oracle WebLogic Server Administration Console.The following error message is displayed:"java.lang.OutOfMemoryError: Java heap space"
Severity: Critical
Rationale: Server Outage
Description: In Oracle WebLogic Server 9.2, when there is an active transaction on a thread that has not been committed or rolled back, the web container does not abort the transaction when the servlet execution is complete.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If a schema used in Oracle Service Bus has recursive nodes, upon stage and edit, a node eventually causes the following OutOfMemoryError:<Apr 19, 2007 7:48:17 AM MDT> <Error> <netuix> <BEA-423147> <Exception [com.bea.portlet.adapter.scopedcontent.ActionLookupFailedException:java.lang.OutOfMemory Error: Java heap space] thrown while trying to do task [handlePostbackData] in class [com.bea.netuix.servlets.controls.content.StrutsContent].com.bea.portlet.adapter.scopedcontent.ActionLookupFailedException: java.lang.OutOfMemoryError: Java heap space...java.lang.OutOfMemoryError: Java heap space>
Severity: Critical
Rationale: Administration
Description: When running Oracle WebLogic Server in a production environment, the Demo Identity Keystore and DemoTrust Keystore should not be enabled. All of the digital certificates and trusted CA certificates in the Demo Identity Keystore and DemoTrust Keystore are signed by an Oracle WebLogic Server demonstration certificate authority. As a result, all of the Oracle WebLogic Server installations trust each other. This leaves the SSL connections vulnerable to many types of security attacks.
Severity: Critical
Rationale: Server Outage
Description: Router information in the client's RJVM is getting corrupted. Therefore, the managed server is unable to establish connection after restarting. The Java client fails with an exception similar to the following:Closing: weblogic.rjvm.t3.MuxableSocketT3$T3MsgAbbrevJVMConnection@175e058 because of Server expected to route a message received over an uninitialized connection: 'JVMMessage from ...
Severity: Critical
Rationale: Server Outage
Description: Upgrading to the versions 1.6.0_14 and 1.5.0_19 of the Sun JDK or Oracle JRockit causes compatibility issues between Sun JDK and Oracle JRockit handling of SSL and Oracle WebLogic Server handling of SSL.
Severity: Critical
Rationale: Non-User Viewable Errors
Description: In Oracle WebLogic Server, when Log File Rotation is enabled, and the Max Number of Log Files value (NumberOfFilesLimited) is not set to true, then Server will not limit the number of backup log files.In this case, a situation may arise where there are too many log files to be rotated and Oracle WebLogic Server threads get struck while trying to roll the log files. This will lead to server outage.To prevent this situation, do either of the following:a) Periodically backup the log files to a different location (Manual Process).b) Set the NumberOfFileLimited=true for the Log MBean.
Severity: Critical
Rationale: Server Outage
Description: Sessions are lost after configuring SAML with two domains (Oracle WebLogic Server 9.x or Oracle WebLogic Server 10.x) running on one system.It is a SAML requirement to set all webapp cookie names to the default (JSESSIONID). With this setting, the client browser can differentiate cookies originating from different domains only if the IPAddress or hostname of the SAML source and destination domain are not the same.
Severity: Critical
Rationale: User Viewable Errors
Description: MimeMessage is reset to null after writing the data to stream. This causes thegetContentType call to fail, and so eventually SOAP attachments are not handledcorrectly.
Severity: Critical
Rationale: Subsystem Outage
Description: When starting Oracle WebLogic Server on Solaris 8 or 5.8, the default threading libraries of the operating system may cause various JVM threading issues, which can ultimately result in the server hanging or crashing.
Severity: Critical
Rationale: Server Outage
Description: If one data source with an empty JNDI name is deployed to a server, a StackOverflowError will be reported when viewing JNDI tree of the server.
Severity: Critical
Rationale: Administration
Description: Unsynchronized HashMap leads to stuck threads and high CPU usage.The relevant stack trace is as follows:Thread-333 "[STUCK] ExecuteThread: '10' for queue: 'weblogic.kernel.Default(self-tuning)'" <alive, suspended, priority=1, DAEMON> { java.util.HashMap.put(HashMap.java:416) weblogic.descriptor.internal.DuplicateChecker.register( DuplicateChecker.java:52) weblogic.descriptor.internal.DuplicateChecker.registerIfNoDuplicate( DuplicateChecker.java:18) weblogic.descriptor.internal.ReferenceManager.registerBean( ReferenceManager.java:205) ....
Severity: Critical
Rationale: Subsystem Outage
Description: The customer has applied a patch from Oracle Bug 8087768 (8068770 + 8085020); however, ORA-00001 still occurs under the load.
Severity: Critical
Rationale: Performance
Description: When Oracle WebLogic Server writes a message to the Message Queue via JMS wrappers, the transaction fails during commit, and an MQXAR is registered. When the registration is removed, the transaction works properly. If you use the JMS wrappers to write the message to Oracle WebLogic Server JMS, it also works correctly.
Severity: Critical
Rationale: Administration
Description: During a WLST session, after disconnecting from the Node Manager, users are able to reconnect to the Node Manager without passing the correct username and password to the nmConnect() method.
Severity: Critical
Rationale: Administration
Description: When there is a large JMS Queue (large number of messages/large messages), using the Oracle WebLogic Server Administration Console to export the queue causes an Out of Memory error.
Severity: Critical
Rationale: Server Outage
Description: For Oracle WebLogic Server 9.1, using the Oracle WebLogic Server JSP compiler may result in an infinite loop where the compilation never completes.
Severity: Critical
Rationale: Subsystem Outage
Description: Using large schema (XQuery file using XSDs with circular imports) in the Eclipse XQuery Mapper is resulting in Out Of Memory Exceptions (OOMEs).Patch Oracle Bug 8111384 enables the XQuery Mapper to load large schema.
Severity: Critical
Rationale: Server Outage
Description: Attempting to start a server on a Linux platform when setting the post-bind option in a UNIX machine can cause the server to core dump with a StackOverflow exception.This applies to Oracle JRockit R26.2 and above.
Severity: Critical
Rationale: Administration
Description: Oracle WebLogic Server Diagnostic Framework indexes log files in the background to facilitate accessor queries. With heavy logging activity, this can burden the CPU (up to 100%) even when no accessor queries are performed.
Severity: Critical
Rationale: Performance
Description: The Archive component of the Oracle WebLogic Diagnostic Framework (WLDF) captures and persists data events, log records, and metrics. WLDF can be configured to archive diagnostic data to a file store or a Java Database Connectivity (JDBC) data source. When using a JDBC archive for WLDF, Oracle WebLogic Server issues a full table select against each of the archive tables when starting the server. In a large database, issuing full selects when the server starts can delay the startup time and add large memory overhead to the server at runtime. You may use a file-based archive as a workaround. Oracle Bug 8143627 changes the behavior of Oracle WebLogic Server to verify that the table and columns exist, but not return any results.
Severity: Critical
Rationale: Administration
Description: WebLogic.net.http.HttpURLConnection may cause failures when KeepAlive is used. This can occur in the following scenario: A Web service is deployed on Oracle WebLogic Server 9.2, and the Service is called every 10 seconds from a JAX-WS client deployed on another Oracle WebLogic Server 9.2 server. Both servers are separated by an Apache 2.2.3 forward and reverse proxy, as follows: The JAX-WS client uses weblogic.net.http.HttpURLConnection to call the Web service. The response from the Oracle WebLogic Server 9.2 Web service arrives with chunked encoding; but, at the receiving end, the Oracle WebLogic Server HttpURLConnection fails to strip the chunk internal information and sends a corrupted InputStream to JAX-WS, causing a parsing failure.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Oracle JRockit 1.5_02 (R25.0.0) and Oracle JRockit 1.5_03 (R25.2.0) running on Windows 2000 requires Service Pack 2 or higher. This signature indicates that you are running no service pack or one less than Service Pack 2. Upgrade to Windows 2000 SP 2 or higher.
Severity: Critical
Rationale: Not Complying with Specifications
Description: Windows 2000 SP4 and higher required for Oracle JRockit 1.5_04 through Oracle JRockit 1.5_06.
Severity: Critical
Rationale: Not Complying with Specifications
Description: If you are running on Linux or Solaris and press Ctrl-C to properly shut down your application, it will actually terminate immediately and you risk losing any runtime data that hasn't been saved to disk or a database. This happens because Oracle JRockit fails to register the SIGINT signal handler used for the shut down hooks.This issue does not apply to applications running on Windows.
Severity: Critical
Rationale: Administration
Description: If you are using ALBPM 6.0.4 on Oracle WebLogic Server 9.2.x, and if you have ALBPM processes that contain Global Automatic Activities, then these Global Automatic Activities listen to JMS queues for messages. In ALBPM 6.x implementation, the engine implements this type of Global Automatic Activity by scheduling a work item with the WorkManager (default or custom). The WorkManager runs the work item in one of its threads. The work item, when executed, dynamically creates a JMS queue consumer that represents a Global Automatic Activity. The issue is that you may not notice any consumers on some queues after server start up.
Severity: Critical
Rationale: Server Outage
Description: XQuery transformations (Java to XML and vice-versa) may throw a com.bea.transform.TransformException. This can occur if an array field of "custom type" is present, or if the element "paging" is not recognized by the mapping.
Severity: Critical
Rationale: Subsystem Outage
The compliance rules for the Weblogic Domain Configuration Compliance standard follow.
Description: The compliance standard rule verifies whether BEA WebLogic Domain Administration Port is enabled or not. An Administration Port limits all administration traffic between server instances in a WebLogic Domain to a single port.
Severity: Critical
Rationale: Administration Port Enabled rule enables you to separate administration traffic from application traffic in your domain. The administration port accepts only secure, SSL traffic, and all connections via the port require authentication by a server administrator.
Description: The compliance standard rule verifies whether ExalogicOptimizationsEnabled flag of the domain is enabled or not.
Severity: Critical
Rationale: ExalogicOptimizationsEnabled attribute improves thread management and request processing, and reduced lock contention. This attribute should be enabled only when configuring a WebLogic domain for Oracle Exalogic.
Description: The compliance standard rule verifies whether all the BEA WebLogic Managed Servers of the Domain target are running in production mode or not.
Severity: Critical
Rationale: All the WebLogic Servers of a Domain use different default values for various services depending on the type of environment you specify. You can indicate whether the Domain is to be used in a development environment or a production environment.