Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0712

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-0712
Last Modified 05 Sep 2008 04:39:11
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0712

Summary

The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.

Vulnerable Systems

Application

  • Bea Weblogic Server 8.1


References

CERT-VN - VU#574222

BID - 10188

XF - weblogic-admin-password-plaintext(15926)

CONFIRM - http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp


Last Updated: 27 May 2016 10:38:43