| Vulnerability Name: | CVE-2006-2467 (CCN-26462) | ||||||||
| Assigned: | 2006-05-15 | ||||||||
| Published: | 2006-05-15 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2467 Source: BEA Type: Patch, Vendor Advisory BEA06-129.00 Source: CCN Type: SA20130 BEA WebLogic Server/Express Multiple Security Issues Source: SECUNIA Type: Patch, Vendor Advisory 20130 Source: CCN Type: SECTRACK ID: 1016097 WebLogic Server May Incorrectly Remove JDBC Security Policies Source: SECTRACK Type: UNKNOWN 1016097 Source: CCN Type: SECTRACK ID: 1016099 WebLogic Server Console Displays the Domain Name Prior to Authentication Source: SECTRACK Type: UNKNOWN 1016099 Source: CCN Type: OSVDB ID: 25548 BEA WebLogic Administration Console Internal IP Address Disclosure Source: CCN Type: BID-17982 BEA WebLogic Multiple Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-1828 Source: XF Type: UNKNOWN weblogic-console-ip-disclosure(26462) Source: XF Type: UNKNOWN weblogic-console-ip-disclosure(26462) Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-129.00) Console displays the WebLogic Server IP address | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||