Vulnerability Description
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jspPatchVendor Advisory
- http://secunia.com/advisories/11357
- http://securitytracker.com/id?1009764
- http://www.kb.cert.org/vuls/id/920238PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/5297
- http://www.securityfocus.com/bid/10131PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15860
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jspPatchVendor Advisory
- http://secunia.com/advisories/11357
- http://securitytracker.com/id?1009764
- http://www.kb.cert.org/vuls/id/920238PatchThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/5297
- http://www.securityfocus.com/bid/10131PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15860
FAQ
What is CVE-2004-1758?
CVE-2004-1758 is a vulnerability with a CVSS score of 4.6 (MEDIUM). BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in con...
How severe is CVE-2004-1758?
CVE-2004-1758 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1758?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.