PT-2005-5370 · Bea · Oracle Weblogic Server +1

Published: 2005-12-31 · Updated: 2008-09-05 · CVE-2005-4705

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 8.1 through SP4
BEA WebLogic Server and WebLogic Express versions 7.0 through SP6
BEA WebLogic Server and WebLogic Express versions 6.1 through SP7
Description
The issue allows remote attackers to sniff traffic between a Java client application and the server. When the client opens an SSL connection to the server after it has already opened an insecure (non-SSL) connection, the server reuses the existing insecure connection instead of the new secure one, so data the client expects to be encrypted is sent in the clear.
Recommendations
For versions 8.1 through SP4, ensure that the client application does not create an insecure connection before establishing an SSL connection.
For versions 7.0 through SP6, restrict the use of insecure connections to minimize the risk of exploitation.
For versions 6.1 through SP7, consider disabling the reuse of existing connections to force the creation of a new secure connection.


Related Identifiers

CVE-2005-4705

Affected Products

Weblogic Express
Oracle Weblogic Server