CVE-2006-2469 Information

Description

The HTTP handlers in BEA WebLogic Server 9.0 8.1 up to SP5 7.0 up to SP6 and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails which allows attackers to gain privileges.

Reference

http://dev2dev.bea.com/pub/advisory/189 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016098 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26463