CVE-2005-4755
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2005
Last modified:
03/04/2025
Description
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dev2dev.bea.com/pub/advisory/145
- http://dev2dev.bea.com/pub/advisory/150
- http://secunia.com/advisories/17138
- http://www.securityfocus.com/bid/15052
- http://dev2dev.bea.com/pub/advisory/145
- http://dev2dev.bea.com/pub/advisory/150
- http://secunia.com/advisories/17138
- http://www.securityfocus.com/bid/15052