Vulnerability Description
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 9.0 |
References
- http://dev2dev.bea.com/pub/advisory/233
- http://osvdb.org/36068
- http://secunia.com/advisories/25284Vendor Advisory
- http://securitytracker.com/id?1018057
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34288
- http://dev2dev.bea.com/pub/advisory/233
- http://osvdb.org/36068
- http://secunia.com/advisories/25284Vendor Advisory
- http://securitytracker.com/id?1018057
- http://www.vupen.com/english/advisories/2007/1815
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34288
FAQ
What is CVE-2007-2700?
CVE-2007-2700 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, w...
How severe is CVE-2007-2700?
CVE-2007-2700 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2700?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.