Lucene search

[email protected]CVE-2004-1758

HistoryMar 10, 2005 - 5:00 a.m.

CVE-2004-1758

2005-03-1005:00:00

[email protected]

web.nvd.nist.gov

cve-2004-1758

bea weblogic server

bea weblogic express

database security

plain text credentials

local privilege escalation

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1express

beaweblogic_serverMatch6.1win32

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp1express

beaweblogic_serverMatch6.1sp1win32

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp2express

beaweblogic_serverMatch6.1sp2win32

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp3express

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp4express

beaweblogic_serverMatch6.1sp5

beaweblogic_serverMatch6.1sp5express

beaweblogic_serverMatch6.1sp6

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0win32

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp4win32

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp

secunia.com/advisories/11357

securitytracker.com/id?1009764

www.kb.cert.org/vuls/id/920238

www.osvdb.org/5297

www.securityfocus.com/bid/10131

exchange.xforce.ibmcloud.com/vulnerabilities/15860

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

Related for CVE-2004-1758

nvd1 cvelist1