OSVDB ID: 5296

Title: BEA WebLogic Internal Method Boot Credential Disclosure

Dates

Disclosure: Apr 13, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

BEA WebLogic contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a knowledgeable attacker who can install and execute code inserts code that discloses the username and password of the user who booted the server, resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Information Disclosure
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to the latest available Service Pack or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

BEA Systems, Inc.

WebLogic Express

7.0
7.0 SP1
7.0 SP2
7.0 SP3
7.0 SP4
8.0
8.0 SP1

WebLogic Server

7.0
7.0 SP1
7.0 SP2
7.0 SP3
7.0 SP4
8.0
8.0 SP1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/5296