CVE-2006-2430

Sažetak

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html
http://secunia.com/advisories/20032
http://securityreason.com/securityalert/910
http://www.osvdb.org/25372
http://www.vupen.com/english/advisories/2006/1736
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-03-2011 - 02:36

Objavljeno

17-05-2006 - 10:06