Vulnerabilities > CVE-2006-0423 - Multiple vulnerability in Oracle Weblogic Portal 8.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
References
- http://dev2dev.bea.com/pub/advisory/167
- http://dev2dev.bea.com/pub/advisory/262
- http://secunia.com/advisories/18593
- http://securitytracker.com/id?1015528
- http://www.securityfocus.com/bid/16358
- http://www.vupen.com/english/advisories/2006/0312
- http://www.vupen.com/english/advisories/2008/0613
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40705