Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2464

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2006-2464
Last Modified 07 Mar 2011 09:36:15
Published 19 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-2464

Summary

stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.

Vulnerable Systems

Application

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 8.1


References

SECTRACK - 1016094

SECUNIA - 20130

BEA - BEA06-121.00

VUPEN - ADV-2006-1828

XF - weblogic-stopweblogic-password-disclosure(26467)


Last Updated: 27 May 2016 10:42:28