CVE-2007-5576

Description

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

Affected products

• bea / tuxedo8.0 – 8.0
• bea / tuxedo8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration8.1 – 8.1
• bea / weblogic_integration9.2 – 9.2
• bea / weblogic_server5.1 – 5.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server6.1 – 6.1
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0 – 7.0
• bea / weblogic_server7.0.0.1 – 7.0.0.1
• bea / weblogic_server7.0.0.1 – 7.0.0.1
• bea / weblogic_server7.0.0.1 – 7.0.0.1
• bea / weblogic_server7.0.0.1 – 7.0.0.1
• bea / weblogic_server7.0.0.1 – 7.0.0.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server8.1 – 8.1
• bea / weblogic_server9.0 – 9.0
• bea / weblogic_server9.1 – 9.1
• bea / weblogic_server9.1 – 9.1
• bea / weblogic_server9.2 – 9.2
• bea / weblogic_server9.2 – 9.2
• bea / weblogic_workshop8.1 – 8.1
• bea / weblogic_workshop8.1 – 8.1
• bea / weblogic_workshop8.1 – 8.1
• bea / weblogic_workshop8.1 – 8.1
• bea / weblogic_workshop8.1 – 8.1
• oracle / weblogic_portal9.2 – 9.2

References

• MISChttp://osvdb.org/45478
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/34290
• MISChttp://dev2dev.bea.com/pub/advisory/226
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/1813