Vulnerabilities > CVE-2006-2430 - Remote Security vulnerability in Websphere Application Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
Vulnerable Configurations
References
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html
- http://secunia.com/advisories/20032
- http://securityreason.com/securityalert/910
- http://www.osvdb.org/25372
- http://www.vupen.com/english/advisories/2006/1736
- http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=
- http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773
- http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009
- http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only