Lucene search

[email protected]CVE-2006-2466

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2466

2006-05-1910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2466

bea weblogic

jsp

showcode vulnerability

nvd

security issue

7.6 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a “timing window” when a compilation error occurs, aka the “JSP showcode vulnerability.”

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/pub/advisory/192

secunia.com/advisories/20130

securitytracker.com/id?1016100

www.vupen.com/english/advisories/2006/1828

exchange.xforce.ibmcloud.com/vulnerabilities/26461

7.6 High

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2006-2466

prion1