CVE-2005-4705 — Weblogic Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 54.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server

Timeline

PublishedDec 31

Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: dev2dev.bea.com ↗Patch: www.osvdb.org ↗Patch: dev2dev.bea.com ↗

🔴Vulnerability Details

GHSA

GHSA-6v6g-fc5r-ggpx: BEA WebLogic Server and WebLogic Express 8↗2022-05-01

▶

CVEList

CVE-2005-4705: BEA WebLogic Server and WebLogic Express 8↗2006-02-01

▶