PT-2006-3417 · Bea · Bea Weblogic Server

Published: 2006-05-19 · Updated: 2017-07-20 · CVE-2006-2469

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 up to SP7
BEA WebLogic Server versions 7.0 up to SP6
BEA WebLogic Server versions 8.1 up to SP5
BEA WebLogic Server version 9.0

Description

BEA WebLogic Server stores usernames and passwords in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Recommendations

For BEA WebLogic Server versions 6.1 up to SP7, 7.0 up to SP6, 8.1 up to SP5, and version 9.0, consider updating the logging configuration to exclude sensitive information.

Related Identifiers

CVE-2006-2469

Affected Products

Bea Weblogic Server