BEA WebLogic up to 8.1 SP2 Config Log File config.sh missing encryption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been detected in BEA WebLogic up to 8.1 SP2. It affects an unknown function of the file config.sh in the Config Log File Handler component and results in missing encryption. The vulnerability is registered as CVE-2004-0712. The attack requires access to the local network. Furthermore, an exploit is available. Installing a patch is suggested to address this issue.
Details
A vulnerability has been found in BEA WebLogic up to 8.1 SP2 (Application Server Software) and classified as critical. Affected by this vulnerability is some unknown functionality of the file config.sh of the component Config Log File Handler. The manipulation with an unknown input leads to a missing encryption vulnerability. The CWE definition for the vulnerability is CWE-311: the product does not encrypt sensitive or critical information before storage or transmission. The known impact is on confidentiality and integrity. The summary by CVE is:
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
The weakness was published on 04/20/2004 by BEA Systems, Inc. (Website). The advisory is shared at dev2dev.bea.com. The vulnerability has been known as CVE-2004-0712 since 07/20/2004. The attack can only be initiated within the local network. Exploitation doesn't need any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project uses the attack technique T1600 for this issue.
An exploit was disclosed after 1 day. It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 87197 (Oracle WebLogic Server Multiple Vulnerabilities (BEA04-56.00,BEA04-57.00,BEA04-58.00)).
Upgrading to version 3 eliminates this vulnerability. Applying a patch also eliminates the problem. The bugfix is ready for download at dev2dev.bea.com. Patching the affected component is suggested as the best possible mitigation.
The vulnerability is also documented in the databases at X-Force (15926), SecurityFocus (BID 10188†), OSVDB (15380†), Secunia (SA11437†) and SecurityTracker (ID 1009898†). Additional details are provided at ftpna.beasys.com. Similar entries are available at VDB-623 and VDB-624. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
CVSSv3
VulDB Meta Base Score: 7.1
VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.1
VulDB Temp Score: 6.4
Exploiting
Class: Missing encryption
CWE: CWE-311 / CWE-310
Physical: Partially
Local: Yes
Remote: Partially
Access: Public
Status: Proof-of-Concept
Countermeasures
Recommended: Patch
Upgrade: WebLogic 3
Patch: dev2dev.bea.com
Sources
Vendor: oracle.com
Advisory: dev2dev.bea.com
Researcher: http://www.bea.com
Organization: BEA Systems, Inc.
Status: Confirmed
CVE: CVE-2004-0712
GCVE (CVE): GCVE-0-2004-0712
GCVE (VulDB): GCVE-100-625
X-Force: 15926 - BEA WebLogic stores administrative username and password in plain text, Medium Risk
SecurityFocus: 10188 - BEA WebLogic Server And WebLogic Express Configuration Log Files Plain Text Password Vulnerability
Secunia: 11437 - BEA WebLogic Exposure of Administrative Credentials, Less Critical
OSVDB: 15380 - BEA WebLogic config.cmd Log File Admin Credential Cleartext Disclosure
SecurityTracker: 1009898 - BEA WebLogic 'config.sh' and 'config.cmd' May Disclose Administrative Password to Local Users
Vulnerability Center: 6871 - BEA WebLogic Server 8.1 through SP2 Allow Privilege Elevation, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 04/21/2004 14:34
Updated: 11/20/2024 18:06
Changes: 04/21/2004 14:34 (91), 06/07/2017 16:01 (4), 11/20/2024 18:06 (17)