CVE-2005-4761

BEA WebLogic Server & Express <8.1 SP4, 7.0 SP5, 6.1 SP7 - Info Dis...

Title source: llm

Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.

References (3)

Core 3

Core References

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15052

Patch, Vendor Advisory vendor-advisory x_refsource_bea

http://dev2dev.bea.com/pub/advisory/152

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17138

Scores

EPSS 0.0011

EPSS Percentile 28.9%

Details

Status published

Products (3)

bea/weblogic_server 6.1 (24 CPE variants)

bea/weblogic_server 7.0 (18 CPE variants)

bea/weblogic_server 8.1 (8 CPE variants)

Published Dec 31, 2005

Tracked Since Feb 18, 2026