Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2471

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2471
Last Modified 07 Mar 2011 09:36:15
Published 19 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2471

Summary

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.

Vulnerable Systems

Application

  • Bea Weblogic Server 6.1

  • Bea Weblogic Server 7.0

  • Bea Weblogic Server 8.1


References

SECUNIA - 20130

BEA - BEA06-125.00

VUPEN - ADV-2006-1828

XF - weblogic-internal-information-disclosure(26465)

SECTRACK - 1016096


Last Updated: 27 May 2016 10:42:28