CVE-2006-0432
BEA WebLogic Server & WebLogic Express 9.0 - Info Disclosure
Title source: llmDescription
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
References (6)
Core 6
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24299
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015528
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18592
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16358
Scores
EPSS
0.0010
EPSS Percentile
28.1%
Details
Status
published
Products (1)
bea/weblogic_server
9.0 (2 CPE variants)
Published
Jan 25, 2006
Tracked Since
Feb 18, 2026