CVE-2004-1758 Information

Description

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2 7.0 up to SP4 and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml which allows local users to gain privileges.

Reference

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp http://secunia.com/advisories/11357 http://securitytracker.com/id?1009764 http://www.kb.cert.org/vuls/id/920238 http://www.osvdb.org/5297 http://www.securityfocus.com/bid/10131 https://exchange.xforce.ibmcloud.com/vulnerabilities/15860