CVE-2006-0427

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/171	Patch Vendor Advisory
http://secunia.com/advisories/18592	Patch Vendor Advisory
http://securitytracker.com/id?1015528	Patch
http://www.osvdb.org/22774
http://www.securityfocus.com/bid/16358
http://www.vupen.com/english/advisories/2006/0313
https://exchange.xforce.ibmcloud.com/vulnerabilities/24291

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp4::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp5::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:::::*
	cpe:2.3:a:bea:weblogic_server:9.0:sp1::::::
	cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:9.0:sp2::::::
	cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:::::*
	cpe:2.3:a:bea:weblogic_server:9.0:sp3::::::
	cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:::::*
	cpe:2.3:a:bea:weblogic_server:9.0:sp4::::::
	cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:::::*
	cpe:2.3:a:bea:weblogic_server:9.0:sp5::::::
	cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:::::*

History

No history.

Information

Published : 2006-01-25 23:07

Updated : 2017-07-20 01:29

NVD link : CVE-2006-0427

Mitre link : CVE-2006-0427

CVE.ORG link : CVE-2006-0427

JSON object : View

Products Affected

bea

weblogic_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-0427", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-01-25T23:07:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/171", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18592", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015528", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/22774", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16358", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0313", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24291", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted."}], "lastModified": "2017-07-20T01:29:45.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55661356-58E0-49D3-9C79-B4BB5EBE24CF"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758AF8B-B47F-4CE7-B73E-3638180C9D79"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp1:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "651994FC-395B-4268-B976-281B8A34957E"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AC47FAA-AB16-4728-AE0B-C0C90861D809"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp2:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E800B227-C828-48CA-B5EF-F315823CD30F"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10E284B8-4EBE-459D-87BA-401BC2AE29C5"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp3:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56476419-F51B-465C-8BA8-529C59123351"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F588A56-E4CB-44A4-A4D3-BFA89D1C6BD6"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp4:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B23822A2-0B53-4CCC-B62B-8CE48B23F745"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05E4CCAC-8E99-49DE-8E90-18F5C03BBC94"}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp5:express:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19E505D-C095-4266-83C6-414454FB30E3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}