CVE-2006-0427
First published: Wed Jan 25 2006(Updated: )
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =9.0-sp3 | |
| Oracle WebLogic Server | =9.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =9.0-sp5 | |
| Oracle WebLogic Server | =9.0-sp2 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =9.0-sp2 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =9.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =9.0-sp4 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =9.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =9.0-sp5 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =9.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-0427?
CVE-2006-0427 is considered a high-severity vulnerability due to its potential to expose system passwords.
How do I fix CVE-2006-0427?
To fix CVE-2006-0427, update to the latest patched version of BEA WebLogic Server or apply relevant security patches.
What systems are affected by CVE-2006-0427?
CVE-2006-0427 affects BEA WebLogic Server and WebLogic Express versions 8.1 SP1 to SP5 and 9.0 SP1 to SP5.
What risks does CVE-2006-0427 pose?
CVE-2006-0427 allows malicious applications to potentially decrypt sensitive system passwords, leading to unauthorized access.
Is CVE-2006-0427 an exploit in the wild?
There have been reports of exploitation attempts leveraging CVE-2006-0427 indicating the vulnerability should be addressed promptly.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/9.0-sp3
- version/oracle weblogic server/9.0-sp1
- version/oracle weblogic server/8.1-sp5
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/9.0-sp5
- version/oracle weblogic server/9.0-sp2
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/9.0-sp4