Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1222

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-1222
Last Modified 10 Sep 2008 03:22:39
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1222

Summary

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.

Vulnerable Systems

Application

  • Bea Weblogic Server 8.1


References

BID - 9034

BEA - BEA03-41.00


Last Updated: 27 May 2016 10:38:17