CVE-2007-0409

Sažetak

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

Reference

http://dev2dev.bea.com/pub/advisory/203
http://osvdb.org/38501
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213

CVSS

Base:	1.5
Impact:	2.9
Exploitability:	2.7

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-03-2011 - 02:49

Objavljeno

23-01-2007 - 00:28