Source Code Exposure in BEA WebLogic Portal 8.1 and SP4
CVE-2006-0425

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 25 January 2006

What is CVE-2006-0425?

The vulnerability allows remote attackers to access the source of deployment descriptor files in BEA WebLogic Portal 8.1 up to and including service pack 4. This exposure can result in the leakage of sensitive configurations and system information, potentially enabling further attacks on the application or its underlying infrastructure. Attackers can exploit this weakness through various unknown vectors, emphasizing the need for security measures to protect sensitive deployed content.

References

http://secunia.com/advisories/18593

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/24297

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2006/0312

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 25, 2006
Vulnerability Reserved
Jan 25, 2006

Oracle

What is CVE-2006-0425?

References

Timeline