CVE-2005-4765

2022-10-0316:22:46

mitre

www.cve.org

bea weblogic server

t3 protocol

security vulnerability

remote attackers

sniffing connection

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.5%

JSON

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.

References

dev2dev.bea.com/pub/advisory/156

secunia.com/advisories/17138

www.securityfocus.com/bid/15052