CVE-2005-4755
BEA WebLogic Server & WebLogic Express <8.1 SP3 - Info Disclosure
Title source: llmDescription
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
References (4)
Core 4
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/145
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/150
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15052
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17138
Scores
EPSS
0.0008
EPSS Percentile
23.6%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 (8 CPE variants)
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026