What is the severity of CVE-2006-2472?

CVE-2006-2472 has been rated as a critical vulnerability due to its potential to allow untrusted applications to access private server keys.

How do I fix CVE-2006-2472?

To address CVE-2006-2472, it is recommended to apply the latest security patches and updates provided by Oracle for the affected versions of WebLogic Server.

Which versions are affected by CVE-2006-2472?

CVE-2006-2472 impacts BEA WebLogic Server versions 6.1 to 9.1, including various service packs.

What type of attacks can CVE-2006-2472 enable?

CVE-2006-2472 can enable attacks that compromise the integrity and confidentiality of server communications by exposing private server keys.

Is there a workaround for CVE-2006-2472?

There are no confirmed workarounds for CVE-2006-2472; applying security patches is the primary mitigation strategy.

Vulnerability/
CVE-2006-2472

medium

4.9

CWE

NVD-CWE-Other

19/5/2006

7/8/2024

CVE-2006-2472

First published: Fri May 19 2006(Updated: )

Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=6.1
Oracle WebLogic Server	=6.1
Oracle WebLogic Server	=6.1-sp1
Oracle WebLogic Server	=6.1-sp1
Oracle WebLogic Server	=6.1-sp2
Oracle WebLogic Server	=6.1-sp2
Oracle WebLogic Server	=6.1-sp3
Oracle WebLogic Server	=6.1-sp3
Oracle WebLogic Server	=6.1-sp4
Oracle WebLogic Server	=6.1-sp4
Oracle WebLogic Server	=6.1-sp5
Oracle WebLogic Server	=6.1-sp5
Oracle WebLogic Server	=6.1-sp6
Oracle WebLogic Server	=6.1-sp6
Oracle WebLogic Server	=6.1-sp7
Oracle WebLogic Server	=6.1-sp7
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=7.0-sp4
Oracle WebLogic Server	=7.0-sp4
Oracle WebLogic Server	=7.0-sp5
Oracle WebLogic Server	=7.0-sp5
Oracle WebLogic Server	=7.0-sp6
Oracle WebLogic Server	=7.0-sp6
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=8.1-sp4
Oracle WebLogic Server	=8.1-sp4
Oracle WebLogic Server	=8.1-sp5
Oracle WebLogic Server	=8.1-sp5
Oracle WebLogic Server	=9.0
Oracle WebLogic Server	=9.1

Remedy

http://dev2dev.bea.com/pub/advisory/186

Remedy

http://secunia.com/advisories/20130

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-2472?
CVE-2006-2472 has been rated as a critical vulnerability due to its potential to allow untrusted applications to access private server keys.
How do I fix CVE-2006-2472?
To address CVE-2006-2472, it is recommended to apply the latest security patches and updates provided by Oracle for the affected versions of WebLogic Server.
Which versions are affected by CVE-2006-2472?
CVE-2006-2472 impacts BEA WebLogic Server versions 6.1 to 9.1, including various service packs.
What type of attacks can CVE-2006-2472 enable?
CVE-2006-2472 can enable attacks that compromise the integrity and confidentiality of server communications by exposing private server keys.
Is there a workaround for CVE-2006-2472?
There are no confirmed workarounds for CVE-2006-2472; applying security patches is the primary mitigation strategy.

agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/author
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/bea
canonical/oracle weblogic server
version/oracle weblogic server/6.1
version/oracle weblogic server/6.1-sp1
version/oracle weblogic server/6.1-sp2
version/oracle weblogic server/6.1-sp3
version/oracle weblogic server/6.1-sp4
version/oracle weblogic server/6.1-sp5
version/oracle weblogic server/6.1-sp6
version/oracle weblogic server/6.1-sp7
version/oracle weblogic server/7.0
version/oracle weblogic server/7.0-sp1
version/oracle weblogic server/7.0-sp2
version/oracle weblogic server/7.0-sp3
version/oracle weblogic server/7.0-sp4
version/oracle weblogic server/7.0-sp5
version/oracle weblogic server/7.0-sp6
version/oracle weblogic server/8.1
version/oracle weblogic server/8.1-sp1
version/oracle weblogic server/8.1-sp2
version/oracle weblogic server/8.1-sp3
version/oracle weblogic server/8.1-sp4
version/oracle weblogic server/8.1-sp5
version/oracle weblogic server/9.0
version/oracle weblogic server/9.1

CVE-2006-2472

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-2472?

How do I fix CVE-2006-2472?

Which versions are affected by CVE-2006-2472?

What type of attacks can CVE-2006-2472 enable?

Is there a workaround for CVE-2006-2472?

Company

Resources

Contact