Unrated severityNVD Advisory· Published May 19, 2006· Updated Jun 16, 2026
CVE-2006-2466
CVE-2006-2466
Description
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
Affected products
10cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
- Range: 8.1 up to SP4, 7.0 up to SP6
Patches
Vulnerability mechanics
References
5- dev2dev.bea.com/pub/advisory/192nvdPatchVendor Advisory
- secunia.com/advisories/20130nvdPatchVendor Advisory
- securitytracker.com/idnvd
- www.vupen.com/english/advisories/2006/1828nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26461nvd
News mentions
0No linked articles in our index yet.