Lucene search
HistoryMay 24, 2005 - 4:00 a.m.
CVE-2005-1745
cve-2005-1745
bea
weblogic portal
userlogin control
password exposure
security vulnerability
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.
Affected configurations
Node
beaweblogic_serverMatch6.0
ORbeaweblogic_serverMatch6.0express
ORbeaweblogic_serverMatch6.0win32
ORbeaweblogic_serverMatch6.0sp1
ORbeaweblogic_serverMatch6.0sp1express
ORbeaweblogic_serverMatch6.0sp1win32
ORbeaweblogic_serverMatch6.0sp2
ORbeaweblogic_serverMatch6.0sp2express
ORbeaweblogic_serverMatch6.0sp2win32
ORbeaweblogic_serverMatch6.1
ORbeaweblogic_serverMatch6.1express
ORbeaweblogic_serverMatch6.1win32
ORbeaweblogic_serverMatch6.1sp1
ORbeaweblogic_serverMatch6.1sp1express
ORbeaweblogic_serverMatch6.1sp1win32
ORbeaweblogic_serverMatch6.1sp2
ORbeaweblogic_serverMatch6.1sp2express
ORbeaweblogic_serverMatch6.1sp2win32
ORbeaweblogic_serverMatch6.1sp3
ORbeaweblogic_serverMatch6.1sp3express
ORbeaweblogic_serverMatch6.1sp3win32
ORbeaweblogic_serverMatch6.1sp4
ORbeaweblogic_serverMatch6.1sp4express
ORbeaweblogic_serverMatch6.1sp4win32
ORbeaweblogic_serverMatch6.1sp5
ORbeaweblogic_serverMatch6.1sp5express
ORbeaweblogic_serverMatch6.1sp5win32
ORbeaweblogic_serverMatch6.1sp6
ORbeaweblogic_serverMatch6.1sp6win32
ORbeaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0express
ORbeaweblogic_serverMatch7.0win32
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp1express
ORbeaweblogic_serverMatch7.0sp1win32
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp2express
ORbeaweblogic_serverMatch7.0sp2win32
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp3express
ORbeaweblogic_serverMatch7.0sp3win32
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp4express
ORbeaweblogic_serverMatch7.0sp4win32
ORbeaweblogic_serverMatch7.0sp5
ORbeaweblogic_serverMatch7.0sp5express
ORbeaweblogic_serverMatch7.0sp5win32
ORbeaweblogic_serverMatch7.0.0.1
ORbeaweblogic_serverMatch7.0.0.1express
ORbeaweblogic_serverMatch7.0.0.1win32
ORbeaweblogic_serverMatch7.0.0.1sp1
ORbeaweblogic_serverMatch7.0.0.1sp1express
ORbeaweblogic_serverMatch7.0.0.1sp1win32
ORbeaweblogic_serverMatch7.0.0.1sp2
ORbeaweblogic_serverMatch7.0.0.1sp2express
ORbeaweblogic_serverMatch7.0.0.1sp2win32
ORbeaweblogic_serverMatch7.0.0.1sp3
ORbeaweblogic_serverMatch7.0.0.1sp3express
ORbeaweblogic_serverMatch7.0.0.1sp4
ORbeaweblogic_serverMatch7.0.0.1sp4express
ORbeaweblogic_serverMatch8.1
ORbeaweblogic_serverMatch8.1express
ORbeaweblogic_serverMatch8.1win32
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp1express
ORbeaweblogic_serverMatch8.1sp1win32
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp2express
ORbeaweblogic_serverMatch8.1sp2win32
ORbeaweblogic_serverMatch8.1sp3
ORbeaweblogic_serverMatch8.1sp3express
ORbeaweblogic_serverMatch8.1sp3win32
ORbeaweblogic_serverMatch8.1sp4
ORbeaweblogic_serverMatch8.1sp4express
ORbeaweblogic_serverMatch8.1sp4win32
ORoracleweblogic_portalMatch8.0
Related
nvd
nvd
CVE-2005-1745
2005-05-24 04:00:00
cvelist
cvelist
CVE-2005-1745
2005-05-24 04:00:00
nessus
nessus
BEA WebLogic <= 8.1 SP4 Multiple Vulnerabilities (XSS, DoS, ID, more)
2005-05-24 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.1%
Related for CVE-2005-1745