Vulnerabilities > CVE-2004-0652 - Local Password Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 37 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp
- http://secunia.com/advisories/11359
- http://securitytracker.com/id?1009766
- http://www.kb.cert.org/vuls/id/352110
- http://www.osvdb.org/5296
- http://www.securityfocus.com/bid/10133
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15865