PT-2007-6597 · Oracle · Weblogic Enterprise+1

Published

2007-10-18

Updated

2018-10-30

CVE-2007-5576

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BEA Tuxedo versions 8.0 before RP392
BEA Tuxedo versions 8.1 before RP293
WebLogic Enterprise versions 5.1 before RP174

Description

The issue allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands, as the password is echoed in cleartext.

Recommendations

For BEA Tuxedo versions 8.0 before RP392, update to a version that includes RP392 or later to resolve the issue.
For BEA Tuxedo versions 8.1 before RP293, update to a version that includes RP293 or later to resolve the issue.
For WebLogic Enterprise versions 5.1 before RP174, update to a version that includes RP174 or later to resolve the issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2007-5576

Affected Products

Bea Tuxedo
Weblogic Enterprise