PT-2005-5428 · Bea · Bea Weblogic Server+1

Published 2005-12-31 · Updated 2008-09-05 · CVE-2005-4765

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier
BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier

Description

The issue arises when using the weblogic.Deployer command with the t3 protocol. Even when an Administration port is enabled on the Administration server, the secure t3s protocol is not used, which might allow remote attackers to sniff the connection.

Recommendations

For BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier, consider using the secure t3s protocol instead of t3 when deploying with the weblogic.Deployer command.
For BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier, consider using the secure t3s protocol instead of t3 when deploying with the weblogic.Deployer command.

Fix

Related identifiers

CVE-2005-4765

Affected products

Bea Weblogic Server
Weblogic Express