PT-2003-2166 · Bea · Bea Weblogic Server+1

Published

2003-12-31

Updated

2008-09-10

CVE-2003-1221

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1

Description The issue arises under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port. As a result, the system may use a non-SSL connection for communication, potentially allowing attackers to sniff sessions.

Recommendations For BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1, consider configuring the server to only accept SSL connections on the T3 port to prevent the use of non-SSL connections. Additionally, restrict access to the T3 port to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-1221

Affected Products

Bea Weblogic Express

Bea Weblogic Server

PT-2003-2166 · Bea · Bea Weblogic Server+1

CVE-2003-1221

Related Identifiers

Affected Products

References · 4