BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15865
http://www.securityfocus.com/bid/10133
http://www.kb.cert.org/vuls/id/352110
http://securitytracker.com/id?1009766
http://secunia.com/advisories/11359
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp