Vulnerability Description
The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.
CVSS Score
4.0
MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/190PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016097
- http://securitytracker.com/id?1016099
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26468
- http://dev2dev.bea.com/pub/advisory/190PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016097
- http://securitytracker.com/id?1016099
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26468
FAQ
What is CVE-2006-2468?
CVE-2006-2468 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive ...
How severe is CVE-2006-2468?
CVE-2006-2468 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2468?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.