Lucene search

[email protected]CVE-2006-2430

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2430

2006-05-1710:06:00

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

vulnerability

plaintext

user credentials

addnode.log

attacker

privileges

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch5.0.0

ibmwebsphere_application_serverMatch5.0.1

ibmwebsphere_application_serverMatch5.0.2

ibmwebsphere_application_serverMatch5.1.0

ibmwebsphere_application_serverMatch5.1.1

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq5.0.0
ibm:websphere_application_serveribm websphere application servereq5.0.1
ibm:websphere_application_serveribm websphere application servereq5.0.2
ibm:websphere_application_serveribm websphere application servereq5.1.0
ibm:websphere_application_serveribm websphere application servereq5.1.1
ibm:websphere_application_serveribm websphere application servereq6.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.1
ibm:websphere_application_serveribm websphere application servereq6.0.2.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.3
ibm:websphere_application_serveribm websphere application servereq6.0.2.4

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	5.0.0
ibm:websphere_application_server	ibm websphere application server	eq	5.0.1
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2
ibm:websphere_application_server	ibm websphere application server	eq	5.1.0
ibm:websphere_application_server	ibm websphere application server	eq	5.1.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.4

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/bugtraq/2006-05/0175.html

secunia.com/advisories/20032

securityreason.com/securityalert/910

www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only

www.osvdb.org/25372

www.vupen.com/english/advisories/2006/1736

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2006-2430

cvelist1 prion1 nvd1