CVE-2006-2430

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html	Patch
http://secunia.com/advisories/20032	Patch Vendor Advisory
http://securityreason.com/securityalert/910
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064	Patch
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only	Patch
http://www.osvdb.org/25372
http://www.vupen.com/english/advisories/2006/1736

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_application_server:5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.1.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.1.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:::::::*

History

No history.

Information

Published : 2006-05-17 10:06

Updated : 2011-03-08 02:36

NVD link : CVE-2006-2430

Mitre link : CVE-2006-2430

CVE.ORG link : CVE-2006-2430

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-2430", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-17T10:06:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/20032", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/910", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25372", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1736", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges."}], "lastModified": "2011-03-08T02:36:11.767", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84200300-1985-4770-81E0-31CB2CB99DCB"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8873A6A6-D840-48E2-AED2-BB8584E3817A"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB3F05B9-6EE1-4838-AD41-7DD329E71E3E"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DB2053-6DFD-4FF6-A6E9-444281531E24"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31419896-89F7-43A2-8B7C-3B92744BBC46"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2604E01-E43E-4882-8896-5E646E850286"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B68EE27-CC4F-4530-9DFE-D94171C45F64"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810E5AEC-5C35-4962-B9BB-32D66290D1D2"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10