3 matches found
Code injection
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a differen...
CVE-2006-2461
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic...
CVE-2006-2461
BEA WebLogic Server prior to 8.1 SP4 has a QoS handling flaw that can prevent SSL-encrypted transmissions, risking exposure of sensitive network traffic. The available documents state the issue and affected version, but do not provide explicit exploit details or a remediation path; no additional ...