Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/7563 | Patch |
http://dev2dev.bea.com/pub/advisory/22 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2003-12-30 21:00
Updated : 2008-09-10 12:22
NVD link : CVE-2003-1224
Mitre link : CVE-2003-1224
JSON object : View
CWE
Products Affected
bea
- weblogic_server