Vulnerability CVE-2006-2430


Published: 2006-05-17   Modified: 2012-02-12

Description:
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
IBM Websphere Application Server Multiple Vulnerabilities
SnoB
19.05.2006

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
IBM -> Websphere application server 

 References:
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang
=
http://secunia.com/advisories/20032
http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html
http://www.vupen.com/english/advisories/2006/1736
http://www.osvdb.org/25372
http://securityreason.com/securityalert/910

Copyright 2022, cxsecurity.com

 

Back to Top