Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2436

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2436
Last Modified 07 Mar 2011 09:36:12
Published 17 May 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2436

Summary

WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 5.0.0

  • Ibm Websphere Application Server 5.0.1

  • Ibm Websphere Application Server 5.0.2


References

AIXAPAR - PK17589

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881

SECUNIA - 20032

BUGTRAQ - 20060509 IBM Websphere Application Server Multiple Vulnerabilities

VUPEN - ADV-2006-1736

SREASON - 910


Last Updated: 27 May 2016 10:42:28