PT-2003-2382 · Bea · Bea Weblogic Server+1

Publicado

2003-12-31

Atualizado

2018-10-30

CVE-2003-1437

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Express and WebLogic Server versions 7.0 and 7.0.0.1

Description The issue allows local users to gain access by storing passwords in plaintext when a keystore is used to store a private key or trust certificate authorities.

Recommendations For BEA WebLogic Express and WebLogic Server versions 7.0 and 7.0.0.1, consider restricting access to the keystore to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-1437

Produtos afetados

Bea Weblogic Express

Bea Weblogic Server

PT-2003-2382 · Bea · Bea Weblogic Server+1

CVE-2003-1437

Identificadores relacionados

Produtos afetados

Referências · 5