CVE-2006-0423

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 25 January 2006

Summary

BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.

References

http://www.vupen.com/english/advisories/2008/0613

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/40705

vdb-entryx_refsource_XF

http://secunia.com/advisories/18593

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 25, 2006
Vulnerability Reserved
Jan 25, 2006