CVE-2006-2466 | Vulnerability Database | Aqua Security

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a timing window when a compilation error occurs, aka the JSP showcode vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	7.0-sp1 (including)	7.0-sp1 (including)
Weblogic_server	Bea	7.0-sp2 (including)	7.0-sp2 (including)
Weblogic_server	Bea	7.0-sp3 (including)	7.0-sp3 (including)
Weblogic_server	Bea	7.0-sp4 (including)	7.0-sp4 (including)
Weblogic_server	Bea	7.0-sp5 (including)	7.0-sp5 (including)
Weblogic_server	Bea	8.1 (including)	8.1 (including)
Weblogic_server	Bea	8.1-sp1 (including)	8.1-sp1 (including)
Weblogic_server	Bea	8.1-sp2 (including)	8.1-sp2 (including)
Weblogic_server	Bea	8.1-sp3 (including)	8.1-sp3 (including)

References

http://dev2dev.bea.com/pub/advisory/192
http://secunia.com/advisories/20130
http://securitytracker.com/id?1016100
http://www.vupen.com/english/advisories/2006/1828
https://exchange.xforce.ibmcloud.com/vulnerabilities/26461

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2466
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html