CVE-2003-1226
Published Dec 31, 2003
Last updated 16 years ago
Overview
- Description
- BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CD2BB36-AC0B-48E9-91E1-A4465896E87A"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "935F28E3-9799-4EF6-AB83-62E9C214DD0D"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25C711BB-E7E0-41D8-985E-5DD386C54637"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38EFE72C-10E5-4EED-B016-D914FA52DE6F"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "071FAD20-D502-4634-852A-4CD06FE8E114"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97E6F518-D320-4655-B698-2D1A82CA3EDA"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB5909DB-B2E2-4358-9D45-C225C6B02360"
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04C3F96B-A1FF-4E3E-B059-366E176E5E19"
}
],
"operator": "OR"
}
]
}
]