Vulnerabilities > CVE-2005-4755 - Unspecified vulnerability in BEA Weblogic Server 8.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

NVD

Published: 2005-12-31

Updated: 2024-11-21

Summary

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 8.1	8

References

http://dev2dev.bea.com/pub/advisory/145
http://dev2dev.bea.com/pub/advisory/145
http://dev2dev.bea.com/pub/advisory/150
http://dev2dev.bea.com/pub/advisory/150
http://secunia.com/advisories/17138
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052
http://www.securityfocus.com/bid/15052