ID CVE-2006-0427Type cveReporter cve@mitre.orgModified 2017-07-20T01:29:00
Description
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
{"id": "CVE-2006-0427", "bulletinFamily": "NVD", "title": "CVE-2006-0427", "description": "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.", "published": "2006-01-25T23:07:00", "modified": "2017-07-20T01:29:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0427", "reporter": "cve@mitre.org", "references": ["http://www.vupen.com/english/advisories/2006/0313", "http://dev2dev.bea.com/pub/advisory/171", "http://secunia.com/advisories/18592", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24291", "http://www.securityfocus.com/bid/16358", "http://securitytracker.com/id?1015528", "http://www.osvdb.org/22774"], "cvelist": ["CVE-2006-0427"], "type": "cve", "lastseen": "2020-10-03T11:48:12", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:22774"]}], "modified": "2020-10-03T11:48:12", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2020-10-03T11:48:12", "rev": 2}, "vulnersScore": 5.3}, "cpe": ["cpe:/a:bea:weblogic_server:9.0", "cpe:/a:bea:weblogic_server:8.1"], "affectedSoftware": [{"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "9.0"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}, {"cpeName": "bea:weblogic_server", "name": "bea weblogic server", "operator": "eq", "version": "8.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*", "cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "cvelist": ["CVE-2006-0427"], "edition": 1, "description": "## Vulnerability Description\nBEA WebLogic Server contains a flaw that may allow a malicious user to create an application that can decrypt system passwords. It is possible that the flaw may allow access to decrypted system passwords, resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released patches to address this vulnerability.\n## Short Description\nBEA WebLogic Server contains a flaw that may allow a malicious user to create an application that can decrypt system passwords. It is possible that the flaw may allow access to decrypted system passwords, resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://dev2dev.bea.com/pub/advisory/171)\n[Vendor Specific Advisory URL](http://dev2dev.bea.com/pub/advisory/184)\nSecurity Tracker: 1015528\n[Secunia Advisory ID:18592](https://secuniaresearch.flexerasoftware.com/advisories/18592/)\nKeyword: BEA06-114.00\nFrSIRT Advisory: ADV-2006-0313\n[CVE-2006-0427](https://vulners.com/cve/CVE-2006-0427)\nBugtraq ID: 16358\n", "modified": "2006-01-24T11:43:12", "published": "2006-01-24T11:43:12", "href": "https://vulners.com/osvdb/OSVDB:22774", "id": "OSVDB:22774", "type": "osvdb", "title": "BEA WebLogic Application Code Password Decryption", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
