Vulnerabilities > CVE-2006-2469 - Unspecified vulnerability in BEA Weblogic Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 19 |
References
- http://dev2dev.bea.com/pub/advisory/189
- http://dev2dev.bea.com/pub/advisory/189
- http://secunia.com/advisories/20130
- http://secunia.com/advisories/20130
- http://securitytracker.com/id?1016098
- http://securitytracker.com/id?1016098
- http://www.vupen.com/english/advisories/2006/1828
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26463