CVE-2003-1226

Published Dec 31, 2003

Last updated a month ago

CVSS info 2.1

Overview

Description: BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CD2BB36-AC0B-48E9-91E1-A4465896E87A"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "935F28E3-9799-4EF6-AB83-62E9C214DD0D"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25C711BB-E7E0-41D8-985E-5DD386C54637"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38EFE72C-10E5-4EED-B016-D914FA52DE6F"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "071FAD20-D502-4634-852A-4CD06FE8E114"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97E6F518-D320-4655-B698-2D1A82CA3EDA"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB5909DB-B2E2-4358-9D45-C225C6B02360"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04C3F96B-A1FF-4E3E-B059-366E176E5E19"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References