BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/7563 | Patch |
http://www.securityfocus.com/bid/7587 | Patch |
http://dev2dev.bea.com/pub/advisory/22 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2003-12-30 21:00
Updated : 2008-09-10 12:22
NVD link : CVE-2003-1226
Mitre link : CVE-2003-1226
JSON object : View
CWE
Products Affected
bea
- weblogic_server