Vulnerability CVE-2004-1758 - CERT Civis.Net

Vulnerability Name:

CVE-2004-1758 (CCN-15860)

Assigned:

2004-04-13

Published:

2004-04-13

Updated:

2017-07-11

Summary:

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2004-1758

Source: CCN
Type: BEA Systems, Inc. Security Advisory (BEA04-53.00)
Patches are available to prevent password exposure.

Source: CONFIRM
Type: Patch, Vendor Advisory
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp

Source: CCN
Type: SA11357
BEA WebLogic Database Password Stored in Plain Text Issue

Source: SECUNIA
Type: UNKNOWN
11357

Source: CCN
Type: SECTRACK ID: 1009764
BEA WebLogic May Disclose Database Password Via `config.xml` For Untargeted JDBC Connection Pools

Source: SECTRACK
Type: UNKNOWN
1009764

Source: CCN
Type: US-CERT VU#920238
BEA WebLogic Server stores database password in clear text in config.xml

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#920238

Source: OSVDB
Type: UNKNOWN
5297

Source: CCN
Type: OSVDB ID: 5297
BEA WebLogic config.xml Password Exposure

Source: BID
Type: Patch, Vendor Advisory
10131

Source: CCN
Type: BID-10131
BEA WebLogic Server/Express Potential Password Disclosure Weakness

Source: XF
Type: UNKNOWN
bea-configxml-plaintext-password(15860)

Source: XF
Type: UNKNOWN
bea-configxml-plaintext-password(15860)

Vulnerable Configuration:

Configuration 1:

cpe:/a:bea:weblogic_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

OR cpe:/a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*

Denotes that component is vulnerable