CVE-2004-0712

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-0712
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/10188 Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/574222 Patch Third Party Advisory US Government Resource
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/15926
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
Information

Published : 2004-07-26 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0712

Mitre link : CVE-2004-0712

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

bea

  • weblogic_server