CVE-2005-4761 — Weblogic Server vulnerability

3 documents3 sources

Severity

1.2LOWNVD

EPSS

0.1%

top 70.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: dev2dev.bea.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-pxc2-7c94-q8j2: BEA WebLogic Server and WebLogic Express 8↗2022-05-01

▶

CVEList

CVE-2005-4761: BEA WebLogic Server and WebLogic Express 8↗2006-04-01

▶