Vulnerability Name: CVE-2006-0427 (CCN-24291)
Assigned: 2006-01-23
Published: 2006-01-23
Updated: 2017-07-20
Summary: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2006-0427
Source: BEA Type: Patch, Vendor Advisory BEA06-114.00
Source: CCN Type: BEA Systems Inc. Web site BEA Product Documentation
Source: CCN Type: SA18592 BEA WebLogic Server/Express Vulnerabilities and Security Issues
Source: SECUNIA Type: Patch, Vendor Advisory 18592
Source: CCN Type: SECTRACK ID: 1015528 BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources
Source: SECTRACK Type: Patch 1015528
Source: OSVDB Type: UNKNOWN 22774
Source: CCN Type: OSVDB ID: 22774 BEA WebLogic Application Code Password Decryption
Source: BID Type: UNKNOWN 16358
Source: CCN Type: BID-16358 BEA WebLogic Multiple Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-0313
Source: XF Type: UNKNOWN weblogic-servlets-obtain-information(24291)
Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-114.00) Application code installed on a server may be able to decrypt passwords
Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-114.01) Application code installed on a server may be able to decrypt passwords
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable