CVE-2005-4749HTTP Request Smuggling in Weblogic Server

3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
1.8%
top 17.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedDec 31
Latest updateMay 1

Description

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server6.1, 7.0, 8.1+2

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-hp3w-wv98-497f: HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 82022-05-01
CVEList
CVE-2005-4749: HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 82006-04-01
CVE-2005-4749 — HTTP Request Smuggling | cvebase