CVE-2003-1224Weblogic Server vulnerability

4 documents4 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 80.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedDec 31
Latest updateApr 29

Description

Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server7.0, 7.0.0.1+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-qp67-ccp4-w9jv: Weblogic2022-04-29
CVEList
CVE-2003-1224: Weblogic2005-08-16

💥Exploits & PoCs

1
Exploit-DB
Mozilla Browsers - 0xAD (HOST:) Remote Heap Buffer Overrun (2)2005-09-22
CVE-2003-1224 — BEA Weblogic Server vulnerability | cvebase