← back
CVE-2006-2469

CVE-2006-2469

EPSS 1.3%
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://dev2dev.bea.com/pub/advisory/189http://secunia.com/advisories/20130http://securitytracker.com/id?1016098https://exchange.xforce.ibmcloud.com/vulnerabilities/26463http://www.vupen.com/english/advisories/2006/1828