Vulnerability Description
BEA WebLogic Server and Express 7.0 and 7.0.0.1 store certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BEA | WebLogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/22
- http://www.securityfocus.com/bid/7563 (Patch)
- http://www.securityfocus.com/bid/7587 (Patch)
FAQ
What is CVE-2003-1226?
CVE-2003-1226 is a vulnerability with a CVSS score of 2.1 (LOW). BEA WebLogic Server and Express 7.0 and 7.0.0.1 store certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to ...
How severe is CVE-2003-1226?
CVE-2003-1226 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1226?
Check the references section above for vendor advisories and patch information. Affected products include: BEA WebLogic Server.