CVE-2007-0411

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 8.1 through 8.1 SP5 BEA WebLogic Server version 9.0 BEA WebLogic Server version 9.1 BEA WebLogic Server version 9.2 Gold

Description The issue allows remote attackers to conduct a man-in-the-middle (MITM) attack when WS-Security is used, due to improper validation of certificates.

Recommendations For BEA WebLogic Server versions 8.1 through 8.1 SP5, update the certificate validation process to properly verify certificates. For BEA WebLogic Server version 9.0, ensure that WS-Security is configured to validate certificates correctly. For BEA WebLogic Server version 9.1, verify that the certificate validation mechanism is enabled and properly configured. For BEA WebLogic Server version 9.2 Gold, check the WS-Security configuration to ensure it properly handles certificate validation.