Lucene search

[email protected]CVE-2007-0408

HistoryJan 23, 2007 - 12:28 a.m.

CVE-2007-0408

2007-01-2300:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bea weblogic

weblogic server

validation issue

bea

cve-2007-0408

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.4%

JSON

BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1

References

dev2dev.bea.com/pub/advisory/202

osvdb.org/38500

secunia.com/advisories/23750

securitytracker.com/id?1017519

www.securityfocus.com/bid/22082

www.vupen.com/english/advisories/2007/0213

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2007-0408

prion1 securityvulns1