FKIE_CVE-2007-5576

Vulnerability from fkie_nvd - Published: 2007-10-18 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
References
cve@mitre.orghttp://dev2dev.bea.com/pub/advisory/226
cve@mitre.orghttp://osvdb.org/45478
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/1813
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/34290
af854a3a-2127-422b-91ae-364da2661108http://dev2dev.bea.com/pub/advisory/226
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/45478
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/1813
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/34290
Impacted products
Vendor Product Version
bea tuxedo 8.0
bea tuxedo 8.1
bea weblogic_integration 8.1
bea weblogic_integration 8.1
bea weblogic_integration 8.1
bea weblogic_integration 8.1
bea weblogic_integration 8.1
bea weblogic_integration 8.1
bea weblogic_integration 9.2
bea weblogic_server 5.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0.0.1
bea weblogic_server 7.0.0.1
bea weblogic_server 7.0.0.1
bea weblogic_server 7.0.0.1
bea weblogic_server 7.0.0.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 9.0
bea weblogic_server 9.1
bea weblogic_server 9.1
bea weblogic_server 9.2
bea weblogic_server 9.2
bea weblogic_workshop 8.1
bea weblogic_workshop 8.1
bea weblogic_workshop 8.1
bea weblogic_workshop 8.1
bea weblogic_workshop 8.1
oracle weblogic_portal 9.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C77782-600F-4BBB-B71D-C28FDD9AAF60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30BF1224-40A6-454F-B6CF-3BEEBE3272B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E28DE8-4868-4DCE-8F8C-7967F2515D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "60231665-A976-4831-9419-AA332D3CC3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C67B3D8E-EBFF-4926-B696-9DC123A667EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "DA53F4D4-CABE-47A4-A900-840B5B933D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "4CE99F33-A818-441D-A4AF-773C5422D992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:8.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "FC355584-B0B1-4834-B2C9-4671AC4ED382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_integration:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64003CF-C562-491A-8430-B8D40CEC528C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "AC966FC9-3ED4-4CCD-B1E6-74E8CC7CEBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "B70F0353-635F-465B-A7E5-AF2D017AB008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*",
              "matchCriteriaId": "FED6AE20-974B-44A7-98C4-F69E6E33D9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*",
              "matchCriteriaId": "F77E777F-7EB5-4A08-9063-C772B49B5E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "D59F9859-7344-43F0-9348-E57FABB9E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "0A4EC87D-EF83-48C5-B516-A6A482D9F525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "16E3F943-D920-4C0A-8545-5CF7D792011F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "6BBA04D4-BA2E-4495-85DE-38918A878012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "B46A3EBE-B268-427E-AAB5-62DDF255F1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*",
              "matchCriteriaId": "A3024422-1CA9-4E5D-80D1-2F4B57FDAEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:express:*:*:*:*:*",
              "matchCriteriaId": "596178D8-B7BB-4793-81C1-119ED353CF2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74AE35FF-AC1C-435B-8CE9-F40AFFFA3A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "32E8797D-1B62-4480-A79D-0345E65699E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2FC1486C-6AC4-44F7-9015-40FD4A341C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5485722F-5DE4-4CD4-865F-32585537F523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "3CCEDE54-97F3-457A-9886-5BD91C9AED2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "55661356-58E0-49D3-9C79-B4BB5EBE24CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "17280B97-D499-434E-BD89-FD348E9E2E0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:express:*:*:*:*:*",
              "matchCriteriaId": "B06BDF43-A534-4F38-813D-72F538549F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "AD6F9694-259F-4631-BC93-B1136F08E77E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "77624161-7740-4162-9C83-C0DFEA2BBCCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "E785D039-3426-4C1F-BBA8-7C6D32FB141E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "D4B2A474-B6C4-47B6-8B20-8722A8C25238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "2FDBD7AF-51AC-48B9-A465-0C13B9230EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04835B2-7FE9-462B-B989-4031D43C9670",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
    },
    {
      "lang": "es",
      "value": "BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contrase\u00f1a en texto claro, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible a trav\u00e9s de los comandos (1) cnsbind, (2) cnsunbind o (3) cnsls."
    }
  ],
  "evaluatorSolution": "More information can be found regarding patch information at:\r\nhttp://www.securityfocus.com/bid/23979/solution",
  "id": "CVE-2007-5576",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-18T21:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dev2dev.bea.com/pub/advisory/226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/45478"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1813"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dev2dev.bea.com/pub/advisory/226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/45478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.