CVE-2005-4755 — Weblogic Server vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 76.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server8.1

Patches

Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-65wj-75vm-6g3g: BEA WebLogic Server and WebLogic Express 8↗2022-05-01

▶

CVEList

CVE-2005-4755: BEA WebLogic Server and WebLogic Express 8↗2006-04-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation↗2004-12-08

▶