CVE-2005-4755

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
References
Link Resource
http://dev2dev.bea.com/pub/advisory/145 Patch Vendor Advisory
http://dev2dev.bea.com/pub/advisory/150 Patch Vendor Advisory
http://www.securityfocus.com/bid/15052 Third Party Advisory VDB Entry
http://secunia.com/advisories/17138 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

Information

Published : 2005-12-30 21:00

Updated : 2018-09-27 14:38


NVD link : CVE-2005-4755

Mitre link : CVE-2005-4755


JSON object : View

Advertisement

dedicated server usa

Products Affected

bea

  • weblogic_server