533 matches found
CVE-2007-0413
BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file...
CVE-2007-0413
CVE-2007-0413 - MODE C BEA WebLogic Server versions 8.1 through 8.1 SP5 store cleartext data in a backup of config.xml after offline editing. This allows local users to obtain sensitive information by reading the backup file. The vulnerability is due to storing sensitive configuration data in an ...
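Multiple remote security vulnerabilities in BEA products
BEA Systems WebLogic comprises several application system integration offerings, including Server, Express and Integration. BEA WebLogic contains multiple security vulnerabilities that could allow a malicious attacker to obtain sensitive information, bypass certain security restrictions, cause a denial of service, or fully compromise the system. These vulnerabilities include: (1) a flaw in the SSL library that may allow plaintext blocks to be determined; (2) the server does not correctly validate client certificates when reusing a connection from the cache, which lets an attacker access the web server via an X.509 certificate. A successful attack requires that the application allow multiple users to access it through a single client process; (3) passwords stored in the Properties attribute of the JDBCDataSourceFactory MBean are not encrypted; (4)...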
INCA IM-204 Dsl several vulnerabilities
INCA IM-204 Dsl several vulnerabilities. Found By CrackersChild (crackerschild at sibersavascilar dot com). Directory traversal...
CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the RDBMS Authentication provider password in cleartext in config.xml, allowing privilege escalation. Affected component: WebLogic Portal configuration for RDBMS auth. Root cause: cleartext password storage in config.xml. Impact: partial confidentiality ...
Confluence is not using the seraph logout url to define how to log out.
We need to update our use of seraph to delegate the definition of the logout url to seraph-config.xml. Workaround for Confluence 5.7.2 and older: Find and copy /confluence/WEB-INF/lib/confluence-x.x.x.jar to a temp location, with "x.x.x" representing your Confluence version number. Extract the...
CVE-2004-2454
aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml...
CVE-2004-2454
CVE-2004-2454 affects aMSN 0.90 for Windows. The vulnerability allows local users to obtain sensitive information, specifically hashed passwords, from hotlog.htm and config.xml. The root cause is described at a high level as an information-disclosure flaw; explicit technical details such as exa...
CVE-2003-1226
The CVE-2003-1226 entry concerns BEA WebLogic Server and Express versions 7.0 and 7.0.0.1 where secrets used for password encryption are stored insecurely in config.xml, filerealm.properties, and weblogic-rar.xml. This storage flaw enables a local attacker to read those secrets and decrypt passwo...
CVE-2003-1222
CVE-2003-1222 affects BEA WebLogic Express/Server 8.0–8.1 SP1 when using a foreign JMS provider. The underlying issue is that the system echoes the foreign provider password to the console and stores it in cleartext in config.xml, enabling an attacker to obtain the password. The description does ...
CVE-2004-1757
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges...
BEA WebLogic Server stores database password in clear text in "config.xml"
Overview WebLogic Server contains a vulnerability that may expose the database username and password in clear text in the config.xml file. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...
should be able to login only via https
You should be able to configure JIRA to login via HTTPS. This is almost possible in 2.4.1. You can specify an https URL in security-config.xml as the login.url parameter. This makes login links from e.g. the issue view page work correctly. A slight problem here is that the session remains in the...