CVE-2003-1221

Name of the Vulnerable Software and Affected Versions BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1

Description The issue arises under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port. As a result, the system may use a non-SSL connection for communication, potentially allowing attackers to sniff sessions.

Recommendations For BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1, consider configuring the server to only accept SSL connections on the T3 port to prevent the use of non-SSL connections. Additionally, restrict access to the T3 port to minimize the risk of exploitation.