CVE-2006-2466

high

Description

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26461

http://www.vupen.com/english/advisories/2006/1828

http://securitytracker.com/id?1016100

http://secunia.com/advisories/20130

http://dev2dev.bea.com/pub/advisory/192

Details

Source: Mitre, NVD

Published: 2006-05-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00378