CVE-2006-2469

critical

Description

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26463

http://www.vupen.com/english/advisories/2006/1828

http://securitytracker.com/id?1016098

http://secunia.com/advisories/20130

http://dev2dev.bea.com/pub/advisory/189

Details

Source: Mitre, NVD

Published: 2006-05-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00692