Lucene search

[email protected]CVE-2006-2469

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2469

2006-05-1910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-2469

weblogic server

cleartext storage

vulnerability

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq9.0
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq6.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	9.0
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	6.0

References

dev2dev.bea.com/pub/advisory/189

secunia.com/advisories/20130

securitytracker.com/id?1016098

www.vupen.com/english/advisories/2006/1828

exchange.xforce.ibmcloud.com/vulnerabilities/26463

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2006-2469

prion1 cvelist1