Lucene search

MitreCVE-2005-4755

HistoryApr 01, 2006 - 2:00 a.m.

CVE-2005-4755

2006-04-0102:00:00

mitre

web.nvd.nist.gov

cve-2005-4755

bea weblogic server

weblogic express

private key passphrase

cleartext

nodemanager.config

configuration wizard

ssl

cryptographic keys

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

Affected configurations

Nvd

Node

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp3express

VendorProductVersionCPE
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
beaweblogic_server8.1cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*

Vendor	Product	Version	CPE
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:::::::*
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1::express:::::
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
bea	weblogic_server	8.1	cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::*

References

dev2dev.bea.com/pub/advisory/145

dev2dev.bea.com/pub/advisory/150

secunia.com/advisories/17138

www.securityfocus.com/bid/15052

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-4755