CVE Vulnerabilities

CVE-2005-4765

Published: Dec 31, 2005 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.6 HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 7.0 (including) 7.0 (including)
Weblogic_server Bea 7.0-sp1 (including) 7.0-sp1 (including)
Weblogic_server Bea 7.0-sp2 (including) 7.0-sp2 (including)
Weblogic_server Bea 7.0-sp3 (including) 7.0-sp3 (including)
Weblogic_server Bea 7.0-sp4 (including) 7.0-sp4 (including)
Weblogic_server Bea 7.0-sp5 (including) 7.0-sp5 (including)
Weblogic_server Bea 7.0-sp6 (including) 7.0-sp6 (including)
Weblogic_server Bea 8.1 (including) 8.1 (including)
Weblogic_server Bea 8.1-sp1 (including) 8.1-sp1 (including)
Weblogic_server Bea 8.1-sp2 (including) 8.1-sp2 (including)
Weblogic_server Bea 8.1-sp3 (including) 8.1-sp3 (including)
Weblogic_server Bea 8.1-sp4 (including) 8.1-sp4 (including)

References