Vulnerabilities > CVE-2007-0413 - Unspecified vulnerability in BEA Weblogic Server

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

bea

NVD

Published: 2007-01-23

Updated: 2024-11-21

Summary

BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 5.1 BEA Weblogic Server 6.1 BEA Weblogic Server 7.0 BEA Weblogic Server 8.1	12

References

http://dev2dev.bea.com/pub/advisory/207
http://dev2dev.bea.com/pub/advisory/207
http://osvdb.org/38504
http://osvdb.org/38504
http://secunia.com/advisories/23750
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017525
http://securitytracker.com/id?1017525
http://www.securityfocus.com/bid/22082
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213
http://www.vupen.com/english/advisories/2007/0213