Lucene search

[email protected]CVE-2006-2471

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2471

2006-05-1910:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bea weblogic

vulnerabilities

remote attackers

information leakage

security

nvd

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain “server details” in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq6.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	6.1

References

dev2dev.bea.com/pub/advisory/187

secunia.com/advisories/20130

securitytracker.com/id?1016096

www.vupen.com/english/advisories/2006/1828

exchange.xforce.ibmcloud.com/vulnerabilities/26465

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2006-2471

prion1