Vulnerabilities > CVE-2006-2469 - Remote Security vulnerability in Weblogic Server

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

bea

NVD

Published: 2006-05-19

Updated: 2017-07-20

Summary

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Bea BEA Weblogic Server 6.0 BEA Weblogic Server 6.1 BEA Weblogic Server 7.0 BEA Weblogic Server 8.1 BEA Weblogic Server 9.0	19

References

http://dev2dev.bea.com/pub/advisory/189
http://secunia.com/advisories/20130
http://securitytracker.com/id?1016098
http://www.vupen.com/english/advisories/2006/1828
https://exchange.xforce.ibmcloud.com/vulnerabilities/26463