CVE-2003-1222
First published: Wed Dec 31 2003(Updated: )
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2003-1222?
CVE-2003-1222 is considered to be of medium severity due to the potential exposure of sensitive information.
How do I fix CVE-2003-1222?
To fix CVE-2003-1222, ensure that passwords are not echoed to the console and are stored securely, avoiding cleartext in config.xml.
Which versions are affected by CVE-2003-1222?
CVE-2003-1222 affects BEA WebLogic Express and Server versions 8.0 and 8.1 SP1.
What type of information is exposed in CVE-2003-1222?
CVE-2003-1222 exposes the password for the foreign Java Message Service (JMS) provider.
Why is CVE-2003-1222 a concern for security?
CVE-2003-1222 is a concern because it allows attackers to easily obtain passwords stored in cleartext, leading to unauthorized access.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/bea
- vendor/weblogic server
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1
- version/oracle weblogic server/8.1-sp1