BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://dev2dev.bea.com/pub/advisory/22 - | |
References | () http://www.securityfocus.com/bid/7563 - Patch | |
References | () http://www.securityfocus.com/bid/7587 - Patch |
Information
Published : 2003-12-31 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1226
Mitre link : CVE-2003-1226
CVE.ORG link : CVE-2003-1226
JSON object : View
Products Affected
bea
- weblogic_server
CWE