Vulnerabilities > CVE-2007-0409 - Unspecified vulnerability in BEA Weblogic Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 24 |
References
- http://dev2dev.bea.com/pub/advisory/203
- http://dev2dev.bea.com/pub/advisory/203
- http://osvdb.org/38501
- http://osvdb.org/38501
- http://secunia.com/advisories/23750
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017525
- http://securitytracker.com/id?1017525
- http://www.securityfocus.com/bid/22082
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://www.vupen.com/english/advisories/2007/0213