Vulnerabilities > CVE-2007-2700 - Information Disclosure vulnerability in Weblogic Server 9.0/9.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |