CVE-2006-2471

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 6.1 through SP7 BEA WebLogic Server versions 7.0 through SP6 BEA WebLogic Server versions 8.1 through SP4

Description The issue allows remote attackers to obtain sensitive information, including DNS and IP addresses, internal sensitive information, server details in exceptions, and a stack trace in a SOAP fault. This is achieved through various means, such as interactions with T3 clients, the use of GetIORServlet, the provision of invalid XML, and the analysis of SOAP faults.

Recommendations For BEA WebLogic Server versions 6.1 through SP7, update to a version later than SP7 to resolve the issue. For BEA WebLogic Server versions 7.0 through SP6, update to a version later than SP6 to resolve the issue. For BEA WebLogic Server versions 8.1 through SP4, update to a version later than SP4 to resolve the issue.