PT-2006-3417 · Bea · Bea Weblogic Server

Published: 2006-05-19 · Updated: 2017-07-20 · CVE-2006-2469

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 up to SP7

BEA WebLogic Server versions 7.0 up to SP6

BEA WebLogic Server versions 8.1 up to SP5

BEA WebLogic Server version 9.0

Description

WebLogic Server stores usernames and passwords in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Recommendations

For BEA WebLogic Server versions 6.1 up to SP7, consider updating the logging configuration to exclude sensitive information.

For BEA WebLogic Server versions 7.0 up to SP6, consider updating the logging configuration to exclude sensitive information.

For BEA WebLogic Server versions 8.1 up to SP5, consider updating the logging configuration to exclude sensitive information.

For BEA WebLogic Server version 9.0, consider updating the logging configuration to exclude sensitive information.

Fix


Related identifiers

CVE-2006-2469

Affected products

Bea Weblogic Server