Vulnerabilities > CVE-2005-4755 - Multiple vulnerability in BEA Weblogic Server 8.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

bea

NVD

Published: 2005-12-31

Updated: 2018-09-27

Summary

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 8.1	8

References

http://dev2dev.bea.com/pub/advisory/145
http://dev2dev.bea.com/pub/advisory/150
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052