正文

BEA系统WebLogic多个密码存储漏洞

admin
admin V管理员 /0 评论 /12 阅读
1231
此篇文章发布距今已超过1236天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

BEA系统WebLogic多个密码存储漏洞

  • CNNVD编号:CNNVD-200312-388
    • <!--
  • 危害等级: 低危-->
  • 危害等级: 低危
  • CVE编号: CVE-2003-1224
  • 漏洞类型: 设计错误
  • 发布时间: 2003-12-31
  • 威胁类型: 本地
  • 更新时间: 2005-10-20
  • 厂        商: bea
  • 漏洞来源: Vulnerability anno...

漏洞简介

BEA WebLogic Server以及Express 7.0版本和7.0.0.1版本的Weblogic.admin在明文中将JDBCConnectionPoolRuntimeMBean密码显示到屏幕上,攻击者可以通过物理观察(\"shoulder surfing\")屏幕来读取用户密码。

漏洞公告

BEA has made fixes available which require upgrading to a minimum of Service Pack 2 of the respective release train. BEA Systems WebLogic Express 7.0 SP 2

  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0 .0.1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express 7.0 .0.1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0 .0.1 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express 7.0 .0.1 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0 .0.1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0 .0.1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express 7.0 .0.1 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0 .0.1 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express 7.0
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0 .0.1 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express for Win32 7.0 .0.1 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Server for Win32 7.0 SP 2
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems Weblogic Server 7.0
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip
BEA Systems WebLogic Express 7.0 SP 1
  • BEA Systems CR104520_700sp2.zip ftp://ftpna.beasys.com/pub/releases/security/CR104520_700sp2.zip

参考网址

来源: BID 名称: 7563 链接:http://www.securityfocus.com/bid/7563 来源: BEA 名称: BEA03-30.00 链接:http://dev2dev.bea.com/pub/advisory/22

受影响实体

  • Bea Weblogic_server:7.0:Sp4:Win32  
    <!--
    2000-1-1
    -->
  • Bea Weblogic_server:7.0:Sp3:Win32  
    <!--
    2000-1-1
    -->
  • Bea Weblogic_server:7.0:Sp3:Express  
    <!--
    2000-1-1
    -->
  • Bea Weblogic_server:7.0:Sp3  
    <!--
    2000-1-1
    -->
  • Bea Weblogic_server:7.0:Sp2:Win32  
    <!--
    2000-1-1
    -->

补丁

    暂无