CVE-2006-2430

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html	Patch
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only	Patch
http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009	Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064	Patch
http://secunia.com/advisories/20032	Patch Vendor Advisory
http://www.osvdb.org/25372
http://securityreason.com/securityalert/910
http://www.vupen.com/english/advisories/2006/1736

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.0.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.1.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.1.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:5.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:::::::*

Information

Published : 2006-05-17 03:06

Updated : 2011-03-07 18:36

NVD link : CVE-2006-2430

Mitre link : CVE-2006-2430

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ibm

websphere_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html", "name": "20060509 IBM Websphere Application Server Multiple Vulnerabilities", "tags": ["Patch"], "refsource": "BUGTRAQ"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16492&apar=only", "name": "PK16492", "tags": ["Patch"], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang=", "name": "PK22416", "tags": ["Patch"], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773", "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009", "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064", "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/20032", "name": "20032", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/25372", "name": "25372", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/910", "name": "910", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1736", "name": "ADV-2006-1736", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2430", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-17T10:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:36Z"}