CVE-2006-2461
Published 2006-05-19
Priority: P4 (21), medium; CVSS 2.0 score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.11% (79.4th percentile)
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
| bea | weblogic_server | — | — |
GHSA
GHSA-p4hg-w9qj-343r: BEA WebLogic Server before 8
ghsa_unreviewed·2022-05-01
CVE-2006-2461 [MEDIUM] GHSA-p4hg-w9qj-343r: BEA WebLogic Server before 8
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
GHSA
GHSA-cgvm-pqx4-697h: SSL libraries in BEA WebLogic Server 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-4613 [MEDIUM] GHSA-cgvm-pqx4-697h: SSL libraries in BEA WebLogic Server 6
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://dev2dev.bea.com/pub/advisory/194
http://secunia.com/advisories/20130
http://securitytracker.com/id?1016102
http://www.vupen.com/english/advisories/2006/1828
https://exchange.xforce.ibmcloud.com/vulnerabilities/26459