Family: CGI abuses --> Category: infos
BEA WebLogic Operator/Admin Password Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks the version of WebLogic
Detailed Explanation for this Vulnerability Test
The remote web server is running WebLogic.
BEA WebLogic Server and WebLogic Express are reported prone to a vulnerability
that may result in the disclosure of Operator or Admin passwords. A possible hacker
who has interactive access to the affected managed server, may potentially
exploit this issue in a timed attack to harvest credentials when the managed
server fails during the boot process.
Solution : http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_51.00.jsp
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.