Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BEA WebLogic Server和WebLogic Express配置工具日志文件明文密码漏洞
Vulnerability Description
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 BEA WebLogic Server和WebLogic Express存在设计错误,可导致受影响的配置工具产生日志文件时记录明文密码。 当使用config.sh或者config.cmd配置工具时,产生的日志文件包含明文的管理员用户名和密码信息,本地攻击者可以获得这些信息对站点进行攻击。
CVSS Information
N/A
Vulnerability Type
N/A