CVE-2005-4755

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 2.1

EPSS Низкий

Описание

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

Ссылки

http://dev2dev.bea.com/pub/advisory/145
Patch
Vendor Advisory
http://dev2dev.bea.com/pub/advisory/150
Patch
Vendor Advisory
http://secunia.com/advisories/17138
Third Party Advisory
http://www.securityfocus.com/bid/15052
Third Party Advisory
VDB Entry
http://dev2dev.bea.com/pub/advisory/145
Patch
Vendor Advisory
http://dev2dev.bea.com/pub/advisory/150
Patch
Vendor Advisory
http://secunia.com/advisories/17138
Third Party Advisory
http://www.securityfocus.com/bid/15052
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*

EPSS

Процентиль: 24%

0.00081

Низкий

2.1 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-65wj-75vm-6g3g

github

почти 4 года назад