CVE-2006-0419

BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.

Published: Jan 26, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0419
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
bea / weblogic_server	7.0-sp2	7.0-sp2.x
bea / weblogic_server	9.0	9.0.x
bea / weblogic_server	7.0-sp4	7.0-sp4.x
bea / weblogic_server	8.1-sp5	8.1-sp5.x
bea / weblogic_server	7.0-sp6	7.0-sp6.x
bea / weblogic_server	7.0-sp3	7.0-sp3.x
bea / weblogic_server	8.1-sp3	8.1-sp3.x
bea / weblogic_server	8.1-sp4	8.1-sp4.x
bea / weblogic_server	7.0-sp5	7.0-sp5.x
bea / weblogic_server	8.1-sp1	8.1-sp1.x
bea / weblogic_server	8.1-sp2	8.1-sp2.x
bea / weblogic_server	7.0-sp1	7.0-sp1.x

http://dev2dev.bea.com/pub/advisory/163
http://securitytracker.com/id?1015528

Vulnerability Database

289,599

CVE-2006-0419