Lucene search

[email protected]CVE-2006-0426

HistoryJan 25, 2006 - 11:07 p.m.

CVE-2006-0426

2006-01-2523:07:00

[email protected]

web.nvd.nist.gov

cve-2006-0426

bea weblogic server

weblogic express 8.1

configuration auditing

password change

cleartext

defaultauditrecorder.log

privilege escalation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp3express

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp4express

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/170

secunia.com/advisories/18592

securitytracker.com/id?1015528

www.osvdb.org/22775

www.securityfocus.com/bid/16358

www.vupen.com/english/advisories/2006/0313

exchange.xforce.ibmcloud.com/vulnerabilities/24290

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2006-0426

nvd1 prion1 cvelist1