PT-2005-5428 · Bea · Bea Weblogic Server+1

Published: 2005-12-31 · Updated: 2008-09-05 · CVE-2005-4765

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier
BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier

Description

The issue arises when using the weblogic.Deployer command with the t3 protocol. Even when an Administration port is enabled on the Administration server, the secure t3s protocol is not used, which might allow remote attackers to sniff the connection.

Recommendations

For BEA WebLogic Server and WebLogic Express versions 8.1 SP4 and earlier, consider using the secure t3s protocol instead of t3 when deploying with the weblogic.Deployer command.

For BEA WebLogic Server and WebLogic Express versions 7.0 SP6 and earlier, consider using the secure t3s protocol instead of t3 when deploying with the weblogic.Deployer command.
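One way to check existing deployment scripts against this recommendation is to audit every weblogic.Deployer invocation for the protocol in its `-adminurl` argument. The script below is an added example, not part of the advisory or any vendor tooling; the function name `audit_deployer_lines`, the host names, ports and application names in the sample are constructed placeholders.

```python
import re
import shlex

# Constructed sample lines standing in for deployment scripts; hosts, ports and
# application names are placeholders, not values from the advisory.
SAMPLE_SCRIPT = """\
# nightly deploy
java weblogic.Deployer -adminurl t3://admin.example.internal:9002 -username deployer -deploy -name app1 app1.ear
java weblogic.Deployer -adminurl t3s://admin.example.internal:9002 -username deployer -deploy -name app2 app2.ear
java -cp weblogic.jar weblogic.Deployer -username deployer -redeploy -name app3
java weblogic.Deployer -adminurl admin.example.internal:7001 -username deployer -undeploy -name app4
echo "done"
"""

def audit_deployer_lines(text):
    """Return (line_no, verdict, detail) for every weblogic.Deployer invocation."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: not parseable as a single command
        if "weblogic.Deployer" not in tokens:
            continue
        url = None
        for i, tok in enumerate(tokens):
            if tok == "-adminurl" and i + 1 < len(tokens):
                url = tokens[i + 1]
        if url is None:
            findings.append((line_no, "REVIEW", "no explicit -adminurl; protocol not pinned to t3s"))
            continue
        m = re.match(r"^([A-Za-z][A-Za-z0-9+.-]*)://", url)
        scheme = m.group(1).lower() if m else None
        if scheme == "t3s":
            findings.append((line_no, "OK", url))
        elif scheme == "t3":
            findings.append((line_no, "INSECURE", url + " uses cleartext t3"))
        else:
            findings.append((line_no, "REVIEW", url + " is not a t3s URL"))
    return findings

if __name__ == "__main__":
    for line_no, verdict, detail in audit_deployer_lines(SAMPLE_SCRIPT):
        print(f"line {line_no}: {verdict:8} {detail}")
```

Lines marked REVIEW do not name t3s explicitly, so the protocol in use has to be confirmed by hand.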

Fix

Related Identifiers

CVE-2005-4765

Affected Products

Bea Weblogic Server
Weblogic Express