CVE-2006-2469

CVE-2006-2469 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Learn more about our Web App Pen Testing.