Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2430

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-2430
Last Modified 07 Mar 2011 09:36:11
Published 17 May 2006 06:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2430

Summary

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 5.0.0

  • Ibm Websphere Application Server 5.0.1

  • Ibm Websphere Application Server 5.0.2

  • Ibm Websphere Application Server 5.1.0

  • Ibm Websphere Application Server 5.1.1

  • Ibm Websphere Application Server 6.0.2

  • Ibm Websphere Application Server 6.0.2.1

  • Ibm Websphere Application Server 6.0.2.2

  • Ibm Websphere Application Server 6.0.2.3

  • Ibm Websphere Application Server 6.0.2.4

  • Ibm Websphere Application Server 6.0.2.5

  • Ibm Websphere Application Server 6.0.2.6

  • Ibm Websphere Application Server 6.0.2.7


References

AIXAPAR - PK16492

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

AIXAPAR - PK22416

SECUNIA - 20032

BUGTRAQ - 20060509 IBM Websphere Application Server Multiple Vulnerabilities

VUPEN - ADV-2006-1736

OSVDB - 25372

SREASON - 910


Last Updated: 27 May 2016 10:42:28