CVE-2004-1758
First published: Tue Apr 13 2004(Updated: )
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp
- http://www.kb.cert.org/vuls/id/920238
- http://www.securityfocus.com/bid/10131
- http://www.osvdb.org/5297
- http://securitytracker.com/id?1009764
- http://secunia.com/advisories/11357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15860
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/6.1
- version/oracle weblogic server/6.1-sp1
- version/oracle weblogic server/6.1-sp2
- version/oracle weblogic server/6.1-sp3
- version/oracle weblogic server/6.1-sp4
- version/oracle weblogic server/6.1-sp5
- version/oracle weblogic server/6.1-sp6
- version/oracle weblogic server/7.0
- version/oracle weblogic server/7.0-sp1
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/8.1
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2