CVE-2006-0419
First published: Wed Jan 25 2006(Updated: )
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =8.1-sp5 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2006-0419?
CVE-2006-0419 has been classified as a high severity vulnerability due to the potential for unauthorized access and denial of service.
How do I fix CVE-2006-0419?
To fix CVE-2006-0419, upgrade to a patched version of Oracle WebLogic Server that addresses this vulnerability.
Which versions of WebLogic Server are affected by CVE-2006-0419?
CVE-2006-0419 affects Oracle WebLogic Server versions 7.0 SP1 to SP6, 8.1 SP1 to SP5, and 9.0.
What type of attacks can be carried out due to CVE-2006-0419?
CVE-2006-0419 can allow remote attackers to read user entries or cause denial of service through a large number of connections.
Are anonymous binds enabled by default in affected versions of WebLogic Server for CVE-2006-0419?
Yes, the affected versions of WebLogic Server allow anonymous binds to the embedded LDAP server by default.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/9.0
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/8.1-sp5
- version/oracle weblogic server/7.0-sp6
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/7.0-sp1