ID CVE-2006-0427
Summary Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:*:*:*:*:*
CVSS
Base: 2.1 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bea BEA06-114.00
bid 16358
osvdb 22774
sectrack 1015528
secunia 18592
vupen ADV-2006-0313
xf weblogic-servlets-obtain-information(24291)
Last major update 20-07-2017 - 01:29
Published 25-01-2006 - 23:07
Last modified 20-07-2017 - 01:29