CVE-2007-2700 Information

Description

The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain which allows remote authenticated users to obtain sensitive information.

Reference

http://dev2dev.bea.com/pub/advisory/233 http://osvdb.org/36068 http://secunia.com/advisories/25284 http://securitytracker.com/id?1018057 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34288