PT-2006-3420 · Bea · Bea Weblogic Server

Published

2006-05-19

Updated

2017-07-20

CVE-2006-2472

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 6.1 through SP7 BEA WebLogic Server versions 7.0 through SP6 BEA WebLogic Server versions 8.1 through SP5 BEA WebLogic Server version 9.0 BEA WebLogic Server version 9.1

Description The issue allows untrusted applications to obtain private server keys.

Recommendations For BEA WebLogic Server versions 6.1 through SP7, consider restricting access to private server keys until a fix is available. For BEA WebLogic Server versions 7.0 through SP6, consider restricting access to private server keys until a fix is available. For BEA WebLogic Server versions 8.1 through SP5, consider restricting access to private server keys until a fix is available. For BEA WebLogic Server version 9.0, consider restricting access to private server keys until a fix is available. For BEA WebLogic Server version 9.1, consider restricting access to private server keys until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2472

Affected Products

Bea Weblogic Server

PT-2006-3420 · Bea · Bea Weblogic Server

CVE-2006-2472

Related Identifiers

Affected Products

References · 7