Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-2469
Last Modified: 07 Mar 2011 09:36:15
Published: 19 May 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2469

Summary

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 store the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Vulnerable Systems

Application

  • BEA WebLogic Server 6.0

  • BEA WebLogic Server 6.1

  • BEA WebLogic Server 7.0

  • BEA WebLogic Server 8.1

  • BEA WebLogic Server 9.0


References

SECUNIA - 20130

BEA - BEA06-127.00

VUPEN - ADV-2006-1828

XF - weblogic-server-log-password-cleartext(26463)

SECTRACK - 1016098


Last Updated: 27 May 2016 10:42:28