Family: CGI abuses --> Category: infos
WebLogic clear-text passwords Vulnerability Scan
Vulnerability Scan Summary: Checks the version of WebLogic
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by information disclosure issues.
Description :
The remote web server is running WebLogic 7.0 or 7.0.0.1.
There is a bug in these versions that may allow a local attacker to
recover a WebLogic password if he can see the screen of the WebLogic
server.
In addition, a local user may be able to view cryptographic secrets,
thereby facilitating cracking of encrypted passwords.
See also :
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-30.jsp
Solutions :
Apply Service Pack 3 or later.
Threat Level:
Low / CVSS Base Score : 1
(AV:L/AC:L/Au:R/C:P/I:N/A:N/B:N)