Vulnerability Name: CVE-2006-0432 (CCN-24299)
Assigned: 2006-01-23
Published: 2006-01-23
Updated: 2017-07-20
Summary: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
Source: MITRE Type: CNA CVE-2006-0432
Source: BEA Type: Patch, Vendor Advisory BEA06-119.00
Source: CCN Type: SA18592 BEA WebLogic Server/Express Vulnerabilities and Security Issues
Source: SECUNIA Type: Patch, Vendor Advisory 18592
Source: CCN Type: SECTRACK ID: 1015528 BEA WebLogic Multiple Bugs Let Remote Users Deny Service, Obtain Information, and Access Restricted Resources
Source: SECTRACK Type: Patch 1015528
Source: CCN Type: OSVDB ID: 22770 BEA WebLogic Admin Console JNDI Resource Security Policy Issue
Source: BID Type: UNKNOWN 16358
Source: CCN Type: BID-16358 BEA WebLogic Multiple Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-0313
Source: XF Type: UNKNOWN weblogic-jdni-security-weakness(24299)
Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-119.00) Console applies incorrect JNDI policies.
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable