Description
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
References (4)
Core 4
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6586
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/331937
Various Sources x_refsource_confirm
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11057
Scores
EPSS
0.0056
EPSS Percentile
68.6%
Details
Status
published
Products (3)
bea/weblogic_server
6.1 (4 CPE variants)
bea/weblogic_server
7.0 (2 CPE variants)
bea/weblogic_server
7.0.0.1
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026