The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows malicious users to gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 6.0 |
||
bea weblogic server 7.0 |
||
bea weblogic server 8.1 |
||
bea weblogic server 6.1 |
||
bea weblogic server 9.0 |