What is the severity of CVE-2006-0426?

CVE-2006-0426 is considered a high severity vulnerability due to the exposure of sensitive information in cleartext.

How do I fix CVE-2006-0426?

To fix CVE-2006-0426, disable configuration auditing or ensure that sensitive data is not logged in cleartext.

What software versions are affected by CVE-2006-0426?

CVE-2006-0426 affects BEA WebLogic Server and WebLogic Express versions 8.1 through SP4.

What information is leaked in CVE-2006-0426?

CVE-2006-0426 leaks both old and new passwords in cleartext within the DefaultAuditRecorder.log file.

Can attackers exploit CVE-2006-0426 remotely?

Yes, attackers can potentially exploit CVE-2006-0426 remotely if they have access to the logged files containing sensitive information.

Vulnerability/
CVE-2006-0426

high

7.5

CWE

NVD-CWE-Other

25/1/2006

7/8/2024

CVE-2006-0426

First published: Wed Jan 25 2006(Updated: )

BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=8.1-sp4
Oracle WebLogic Server	=8.1-sp4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0426?
CVE-2006-0426 is considered a high severity vulnerability due to the exposure of sensitive information in cleartext.
How do I fix CVE-2006-0426?
To fix CVE-2006-0426, disable configuration auditing or ensure that sensitive data is not logged in cleartext.
What software versions are affected by CVE-2006-0426?
CVE-2006-0426 affects BEA WebLogic Server and WebLogic Express versions 8.1 through SP4.
What information is leaked in CVE-2006-0426?
CVE-2006-0426 leaks both old and new passwords in cleartext within the DefaultAuditRecorder.log file.
Can attackers exploit CVE-2006-0426 remotely?
Yes, attackers can potentially exploit CVE-2006-0426 remotely if they have access to the logged files containing sensitive information.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/remedy
agent/last-modified-date
agent/severity
agent/author
agent/description
agent/first-publish-date
agent/weakness
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/bea
canonical/oracle weblogic server
version/oracle weblogic server/8.1-sp1
version/oracle weblogic server/8.1-sp2
version/oracle weblogic server/8.1-sp3
version/oracle weblogic server/8.1-sp4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2006-0426

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0426?

How do I fix CVE-2006-0426?

What software versions are affected by CVE-2006-0426?

What information is leaked in CVE-2006-0426?

Can attackers exploit CVE-2006-0426 remotely?

Company

Resources

Contact