Lucene search

[email protected]CVE-2005-4704

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4704

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4704

nvd

bea weblogic server

weblogic express

ssl

remote attackers

privileges

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq6.1
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq7.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	6.1
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	7.0

References

dev2dev.bea.com/pub/advisory/140

www.osvdb.org/20094

7.8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.4%

JSON