PT-2007-1882 · Bea · Bea Weblogic Server

Published

2007-01-23

Updated

2011-03-08

CVE-2007-0411

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server versions 8.1 through 8.1 SP5 BEA WebLogic Server version 9.0 BEA WebLogic Server version 9.1 BEA WebLogic Server version 9.2 Gold

Description The issue allows remote attackers to conduct a man-in-the-middle (MITM) attack when WS-Security is used, due to improper validation of certificates.

Recommendations For BEA WebLogic Server versions 8.1 through 8.1 SP5, update the certificate validation process to properly verify certificates. For BEA WebLogic Server version 9.0, ensure that WS-Security is configured to validate certificates correctly. For BEA WebLogic Server version 9.1, verify that the certificate validation mechanism is enabled and properly configured. For BEA WebLogic Server version 9.2 Gold, check the WS-Security configuration to ensure it properly handles certificate validation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0411

Affected Products

Bea Weblogic Server

PT-2007-1882 · Bea · Bea Weblogic Server

CVE-2007-0411

Related Identifiers

Affected Products

References · 8