Lucene search

[email protected]NVD:CVE-2006-2430

HistoryMay 17, 2006 - 10:06 a.m.

CVE-2006-2430

2006-05-1710:06:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch5.0.0

ibmwebsphere_application_serverMatch5.0.1

ibmwebsphere_application_serverMatch5.0.2

ibmwebsphere_application_serverMatch5.1.0

ibmwebsphere_application_serverMatch5.1.1

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

VendorProductVersionCPE
ibmwebsphere_application_server5.0.0cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
ibmwebsphere_application_server5.0.1cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server5.0.2cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server5.1.0cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
ibmwebsphere_application_server5.1.1cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.2cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.2.1cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.2.2cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.2.3cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.2.4cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	5.0.0	cpe:2.3:a:ibm:websphere_application_server:5.0.0:::::::*
ibm	websphere_application_server	5.0.1	cpe:2.3:a:ibm:websphere_application_server:5.0.1:::::::*
ibm	websphere_application_server	5.0.2	cpe:2.3:a:ibm:websphere_application_server:5.0.2:::::::*
ibm	websphere_application_server	5.1.0	cpe:2.3:a:ibm:websphere_application_server:5.1.0:::::::*
ibm	websphere_application_server	5.1.1	cpe:2.3:a:ibm:websphere_application_server:5.1.1:::::::*
ibm	websphere_application_server	6.0.2	cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
ibm	websphere_application_server	6.0.2.1	cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
ibm	websphere_application_server	6.0.2.2	cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
ibm	websphere_application_server	6.0.2.3	cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
ibm	websphere_application_server	6.0.2.4	cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:::::::*

Rows per page:

1-10 of 131

References

archives.neohapsis.com/archives/bugtraq/2006-05/0175.html

secunia.com/advisories/20032

securityreason.com/securityalert/910

www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009

www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only

www.osvdb.org/25372

www.vupen.com/english/advisories/2006/1736

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Related for NVD:CVE-2006-2430

prion1 cvelist1 cve1