BEA Systems WebLogic Server and Express Password Disclosure Vulnerability

Bugtraq ID:	4733
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	May 10 2002 12:00AM
Updated:	May 10 2002 12:00AM
Credit:	Credited to Fannie Mae.
Vulnerable:	BEA Systems Weblogic Server 5.1 SP 9 BEA Systems Weblogic Server 5.1 SP 8 BEA Systems Weblogic Server 5.1 SP 7 - Digital OpenVMS 7.1 - Digital (Compaq) TRU64/DIGITAL UNIX 5.0 - HP HP-UX 11.0 - HP HP-UX 10.20 - IBM AIX 4.3 - IBM AIX 4.2 - IBM OS/390 V2R6 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Redhat Linux 7.0 - SCO Unixware 7.1.1 - SGI IRIX 6.5.8 - Sun Solaris 8_sparc BEA Systems Weblogic Server 5.1 SP 6 BEA Systems Weblogic Server 5.1 SP 5 BEA Systems Weblogic Server 5.1 SP 4 BEA Systems Weblogic Server 5.1 SP 3 BEA Systems Weblogic Server 5.1 SP 2 BEA Systems Weblogic Server 5.1 SP 12 BEA Systems Weblogic Server 5.1 SP 11 BEA Systems Weblogic Server 5.1 SP 10 - HP HP-UX 11.0 - HP HP-UX 11i v1 - IBM AIX 4.3.3 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Redhat Linux 7.1 i386 - Redhat Linux 6.2 i386 - Sun Solaris 8_sparc - Sun Solaris 2.7_sparc - Sun Solaris 2.6_sparc BEA Systems Weblogic Server 5.1 SP 1 BEA Systems Weblogic Server 5.1 - Apache Apache 1.3.12 - Apache Apache 1.3.9 - Apache Apache 1.3.9 - C2Net StrongHold Web Server 3.0 - HP HP-UX 11.0 - HP HP-UX 10.20 - IBM AIX 4.3 - IBM AIX 4.2 - Microsoft IIS 5.0 - Microsoft IIS 4.0 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Redhat Linux 5.1 - Sun Solaris 8_sparc BEA Systems WebLogic Express 5.1 SP 9 BEA Systems WebLogic Express 5.1 SP 8 BEA Systems WebLogic Express 5.1 SP 7 BEA Systems WebLogic Express 5.1 SP 6 BEA Systems WebLogic Express 5.1 SP 5 BEA Systems WebLogic Express 5.1 SP 4 BEA Systems WebLogic Express 5.1 SP 3 BEA Systems WebLogic Express 5.1 SP 2 BEA Systems WebLogic Express 5.1 SP 12 BEA Systems WebLogic Express 5.1 SP 11 - HP HP-UX 11.0 - HP HP-UX 11i v1 - IBM AIX 4.3.3 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6 - Microsoft Windows NT Enterprise Server 4.0 SP5 - Microsoft Windows NT Enterprise Server 4.0 SP4 - Microsoft Windows NT Enterprise Server 4.0 SP3 - Microsoft Windows NT Enterprise Server 4.0 SP2 - Microsoft Windows NT Enterprise Server 4.0 SP1 - Microsoft Windows NT Enterprise Server 4.0 - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6 - Microsoft Windows NT Server 4.0 SP5 - Microsoft Windows NT Server 4.0 SP4 - Microsoft Windows NT Server 4.0 SP3 - Microsoft Windows NT Server 4.0 SP2 - Microsoft Windows NT Server 4.0 SP1 - Microsoft Windows NT Server 4.0 - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6 - Microsoft Windows NT Workstation 4.0 SP5 - Microsoft Windows NT Workstation 4.0 SP4 - Microsoft Windows NT Workstation 4.0 SP3 - Microsoft Windows NT Workstation 4.0 SP2 - Microsoft Windows NT Workstation 4.0 SP1 - Microsoft Windows NT Workstation 4.0 - Redhat Linux 7.1 i386 - Redhat Linux 6.2 i386 - Sun Solaris 8_sparc - Sun Solaris 2.7 - Sun Solaris 2.6 BEA Systems WebLogic Express 5.1 SP 10 BEA Systems WebLogic Express 5.1 SP 1 BEA Systems WebLogic Express 5.1

Not Vulnerable: