Vulnerability Details CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/pub/advisory/189
- http://secunia.com/advisories/20130
- http://securitytracker.com/id?1016098
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26463
- http://dev2dev.bea.com/pub/advisory/189
- http://secunia.com/advisories/20130
- http://securitytracker.com/id?1016098
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26463
Products affected by CVE-2006-2469
-
cpe:2.3:a:bea:weblogic_server:6.0
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1
-
cpe:2.3:a:bea:weblogic_server:9.0