Vulnerability Description
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/192PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016100
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26461
- http://dev2dev.bea.com/pub/advisory/192PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016100
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26461
FAQ
What is CVE-2006-2466?
CVE-2006-2466 is a vulnerability with a CVSS score of 2.6 (LOW). BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error oc...
How severe is CVE-2006-2466?
CVE-2006-2466 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2466?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.