Lucene search

[email protected]CVE-2005-4766

HistoryOct 03, 2022 - 4:22 p.m.

CVE-2005-4766

2022-10-0316:22:45

[email protected]

web.nvd.nist.gov

cve-2005-4766

bea weblogic server

weblogic express

multicast traffic

encryption

remote attackers

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.4%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.

Affected configurations

NVD

Node

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0express

beaweblogic_serverMatch7.0win32

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp1express

beaweblogic_serverMatch7.0sp1win32

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp2express

beaweblogic_serverMatch7.0sp2win32

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp3express

beaweblogic_serverMatch7.0sp3win32

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp4express

beaweblogic_serverMatch7.0sp4win32

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch7.0sp5express

beaweblogic_serverMatch7.0sp5win32

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1express

beaweblogic_serverMatch8.1win32

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp1express

beaweblogic_serverMatch8.1sp1win32

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp2express

beaweblogic_serverMatch8.1sp2win32

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp3express

beaweblogic_serverMatch8.1sp3win32

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch8.1sp4express

beaweblogic_serverMatch8.1sp4win32

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/157

secunia.com/advisories/17138

www.securityfocus.com/bid/15052

5.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CVE-2005-4766

nvd1 cvelist1