BEA WebLogic Operator/Admin Password Disclosure Vulnerability Network Vulnerability

Summary

The remote web server is running WebLogic. BEA WebLogic Server and WebLogic Express are reported prone to a vulnerability that may result in the disclosure of Operator or Admin passwords. An attacker who has interactive access to the affected managed server, may potentially exploit this issue in a timed attack to harvest credentials when the managed server fails during the boot process.

Solution

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_51.00.jsp

Severity

Classification

CVE CVE-2004-1757

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
/cgi-bin directory browsable ?
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities

Take action and discover your vulnerabilities