Vulnerabilities > CVE-2003-1222 - Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 8.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |