PT-2007-5773 · Bea · Bea Weblogic Server
Publicado
2007-08-31
·
Atualizado
2018-10-26
·
CVE-2007-4613
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server versions 6.1 Gold through SP7
BEA WebLogic Server versions 7.0 Gold through SP7
BEA WebLogic Server versions 8.1 Gold through SP5
Description
The SSL libraries in the affected software might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack. This attack involves injecting crafted data and measuring the elapsed time before an error response.
Recommendations
For BEA WebLogic Server versions 6.1 Gold through SP7, consider updating to a version that includes a fix for this issue.
For BEA WebLogic Server versions 7.0 Gold through SP7, consider updating to a version that includes a fix for this issue.
For BEA WebLogic Server versions 8.1 Gold through SP5, consider updating to a version that includes a fix for this issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bea Weblogic Server