VULHUB ™

BEA has reported a weakness affecting WebLogic Server and WebLogic Express. Due to a flaw, vulnerable versions of WebLogic Server/Express may write the clear text database password to a configuration file. This is reported to occur only when a server is configured to employ untargeted JDBC connection pools and have passwords configured. An attacker may harvest the password and use it to gain unauthorized access to the database.

BEA has reported a weakness affecting WebLogic Server and WebLogic Express. Due to a flaw, vulnerable versions of WebLogic Server/Express may write the clear text database password to a configuration file. This is reported to occur only when a server is configured to employ untargeted JDBC connection pools and have passwords configured. An attacker may harvest the password and use it to gain unauthorized access to the database.