CVE-2005-4766 | Vulnerability Database | Aqua Security

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.

Affected Software

Name	Vendor	Start Version	End Version
Weblogic_server	Bea	7.0 (including)	7.0 (including)
Weblogic_server	Bea	7.0-sp1 (including)	7.0-sp1 (including)
Weblogic_server	Bea	7.0-sp2 (including)	7.0-sp2 (including)
Weblogic_server	Bea	7.0-sp3 (including)	7.0-sp3 (including)
Weblogic_server	Bea	7.0-sp4 (including)	7.0-sp4 (including)
Weblogic_server	Bea	7.0-sp5 (including)	7.0-sp5 (including)
Weblogic_server	Bea	8.1 (including)	8.1 (including)
Weblogic_server	Bea	8.1-sp1 (including)	8.1-sp1 (including)
Weblogic_server	Bea	8.1-sp2 (including)	8.1-sp2 (including)
Weblogic_server	Bea	8.1-sp3 (including)	8.1-sp3 (including)
Weblogic_server	Bea	8.1-sp4 (including)	8.1-sp4 (including)

References

http://dev2dev.bea.com/pub/advisory/157
http://secunia.com/advisories/17138
http://www.securityfocus.com/bid/15052

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4766
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html