| Vulnerability Name: | CVE-2006-2468 (CCN-26468) | ||||||||
| Assigned: | 2006-05-15 | ||||||||
| Published: | 2006-05-15 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2468 Source: BEA Type: Patch, Vendor Advisory BEA06-128.00 Source: CCN Type: SA20130 BEA WebLogic Server/Express Multiple Security Issues Source: SECUNIA Type: Patch, Vendor Advisory 20130 Source: CCN Type: SECTRACK ID: 1016097 WebLogic Server May Incorrectly Remove JDBC Security Policies Source: SECTRACK Type: UNKNOWN 1016097 Source: CCN Type: SECTRACK ID: 1016099 WebLogic Server Console Displays the Domain Name Prior to Authentication Source: SECTRACK Type: UNKNOWN 1016099 Source: CCN Type: OSVDB ID: 25549 BEA WebLogic Administration Console Login Form Domain Name Disclosure Source: CCN Type: BID-17982 BEA WebLogic Multiple Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-1828 Source: XF Type: UNKNOWN weblogic-domain-name-disclosure(26468) Source: XF Type: UNKNOWN weblogic-domain-name-disclosure(26468) Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-128.00) Domain name is exposed on Console login form | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||