CVE-2006-0426
BEA WebLogic Server & WebLogic Express <8.1.SP4 - Info Disclosure
Title source: llmDescription
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22775
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18592
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16358
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24290
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/170
Scores
EPSS
0.0075
EPSS Percentile
73.3%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 sp1 (8 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026