Vulnerability Details CVE-2006-2466
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v2 Score 2.6
References
- http://dev2dev.bea.com/pub/advisory/192
- http://secunia.com/advisories/20130
- http://securitytracker.com/id?1016100
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26461
- http://dev2dev.bea.com/pub/advisory/192
- http://secunia.com/advisories/20130
- http://securitytracker.com/id?1016100
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26461
Products affected by CVE-2006-2466
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1