CVE-2006-2471

BEA WebLogic Server <8.1 SP4, 7.0 SP6, 6.1 SP7 - Info Disclosure

Title source: llm

Description

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26465

Patch, Vendor Advisory vendor-advisory x_refsource_bea

http://dev2dev.bea.com/pub/advisory/187

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20130

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1828

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016096

Scores

EPSS 0.0039

EPSS Percentile 60.4%

Details

Status published

Products (3)

bea/weblogic_server 6.1 (16 CPE variants)

bea/weblogic_server 7.0 (14 CPE variants)

bea/weblogic_server 8.1 (10 CPE variants)

Published May 19, 2006

Tracked Since Feb 18, 2026