CVE-2007-2700
First published: Wed May 16 2007(Updated: )
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =9.1 | |
| Oracle WebLogic Server | =9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-2700?
CVE-2007-2700 has been classified as a moderate severity vulnerability.
How do I fix CVE-2007-2700?
To fix CVE-2007-2700, ensure you upgrade to a patched version of Oracle WebLogic Server beyond 9.1.
What types of sensitive information can be exposed by CVE-2007-2700?
CVE-2007-2700 can potentially expose unencrypted usernames, passwords, and other sensitive configuration attributes.
Who can exploit the CVE-2007-2700 vulnerability?
Remote authenticated users can exploit the CVE-2007-2700 vulnerability to access sensitive information.
Which versions of Oracle WebLogic Server are affected by CVE-2007-2700?
CVE-2007-2700 affects Oracle WebLogic Server versions 9.0 and 9.1.
- agent/references
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/description
- agent/weakness
- agent/severity
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/9.0
- version/oracle weblogic server/9.1