PT-2007-6597 · Oracle · Weblogic Enterprise+1

Publicado

2007-10-18

Atualizado

2018-10-30

CVE-2007-5576

CVSS v2.0

6.8

Média

Vetor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BEA Tuxedo versions 8.0 before RP392 BEA Tuxedo versions 8.1 before RP293 WebLogic Enterprise versions 5.1 before RP174

Description The issue allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands, as the password is echoed in cleartext.

Recommendations For BEA Tuxedo versions 8.0 before RP392, update to a version that includes RP392 or later to resolve the issue. For BEA Tuxedo versions 8.1 before RP293, update to a version that includes RP293 or later to resolve the issue. For WebLogic Enterprise versions 5.1 before RP174, update to a version that includes RP174 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2007-5576

Produtos afetados

Bea Tuxedo

Weblogic Enterprise

PT-2007-6597 · Oracle · Weblogic Enterprise+1

CVE-2007-5576

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6