CVE-2003-1221: Weblogic Server vulnerability

3 documents, 3 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 40.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: Apr 29

Description

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: bea/weblogic_server 7.0, 7.0.0.1, 8.1 +2

Patches

Vulnerability Details (2)

GHSA
GHSA-876f-7fgx-hc7m: BEA WebLogic Express and Server 7 (2022-04-29)
CVEList
CVE-2003-1221: BEA WebLogic Express and Server 7 (2005-08-16)