CVE-2006-0419
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/01/2006
Last modified:
03/04/2025
Description
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:* | ||
| cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page