Lucene search
MitreCVE-2005-4705HistoryFeb 01, 2006 - 8:00 p.m.
CVE-2005-4705
2006-02-0120:00:00
mitre
web.nvd.nist.gov
22
bea weblogic
weblogic express
ssl
vulnerability
cve-2005-4705
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
7.1
Confidence
Low
EPSS
0.005
Percentile
76.1%
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
Affected configurations
Node
beaweblogic_serverMatch6.1sp1
ORbeaweblogic_serverMatch6.1sp1express
ORbeaweblogic_serverMatch6.1sp2
ORbeaweblogic_serverMatch6.1sp2express
ORbeaweblogic_serverMatch6.1sp3
ORbeaweblogic_serverMatch6.1sp3express
ORbeaweblogic_serverMatch6.1sp4
ORbeaweblogic_serverMatch6.1sp4express
ORbeaweblogic_serverMatch6.1sp5
ORbeaweblogic_serverMatch6.1sp5express
ORbeaweblogic_serverMatch6.1sp6
ORbeaweblogic_serverMatch6.1sp7
ORbeaweblogic_serverMatch6.1sp7express
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp1express
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp2express
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp3express
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp4express
ORbeaweblogic_serverMatch7.0sp5
ORbeaweblogic_serverMatch7.0sp5express
ORbeaweblogic_serverMatch7.0sp6
ORbeaweblogic_serverMatch7.0sp6express
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp1express
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp2express
ORbeaweblogic_serverMatch8.1sp3
ORbeaweblogic_serverMatch8.1sp3express
ORbeaweblogic_serverMatch8.1sp4
ORbeaweblogic_serverMatch8.1sp4express
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:* |
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
7.1
Confidence
Low
EPSS
0.005
Percentile
76.1%
Related for CVE-2005-4705