BEA WebLogic Operator/Admin Password Disclosure Vulnerability Network Vulnerability

Summary

The remote web server is running WebLogic. BEA WebLogic Server and WebLogic Express are reported prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. An attacker who has interactive access to the affected managed server, may potentially exploit this issue in a timed attack to harvest credentials when the managed server fails during the boot process.

Solution

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_51.00.jsp

Severity

Classification

CVE CVE-2004-1757
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Open For Business HTML injection vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09

Take action and discover your vulnerabilities