Vulnerability Description
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/pub/advisory/187PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016096
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26465
- http://dev2dev.bea.com/pub/advisory/187PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016096
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26465
FAQ
What is CVE-2006-2471?
CVE-2006-2471 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T...
How severe is CVE-2006-2471?
CVE-2006-2471 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2471?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.