Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5576

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5576
Last Modified 07 Mar 2011 10:00:55
Published 18 Oct 2007 05:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-5576

Summary

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

Vulnerable Systems

Application

  • Bea Tuxedo 8.0

  • Bea Tuxedo 8.1

  • Bea Weblogic Integration 8.1

  • Bea Weblogic Integration 9.2

  • Bea Weblogic Portal 9.2

  • Bea Weblogic Server 5.1

  • Bea Weblogic Server 6.1

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 7.0.0.1

  • Bea Weblogic Server 8.1

  • Bea Weblogic Server 9.0

  • Bea Weblogic Server 9.1

  • Bea Weblogic Server 9.2

  • Bea Weblogic Workshop 8.1


References

XF - weblogic-tuxedo-information-disclosure(34290)

VUPEN - ADV-2007-1813

OSVDB - 45478

BEA - BEA07-158.00


Last Updated: 27 May 2016 10:46:12