CVE-2007-0408
published 2007-01-23CVE-2007-0408: BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain…
PriorityP431high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.00%
58.3th percentile
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bea | weblogic_server | <= 8.1 | — |
| bea | weblogic_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Not Using Complete Mediation
mitre_cwe
CWE-638 Not Using Complete Mediation
CWE-638: Not Using Complete Mediation
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
Modes of Introduction:
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Integrity, Confidentiality, Availability, Access Control, Other. Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Application Data, Other. A user might retain access to a critical resource even after privileges have been revoked, possibly allowing access to privileged functionality or sensitive information, depending on the role of the resource.
Potential Mitigations:
[Architecture and Design] In
CWE
Violation of Secure Design Principles
mitre_cwe
CWE-657 Violation of Secure Design Principles
CWE-657: Violation of Secure Design Principles
The product violates well-established principles for secure design.
This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.
Modes of Introduction:
Phase: Architecture and Design
Common Consequences:
Scope: Other. Impact: Other.
Examples:
Switches may revert their functionality to that of hubs when the table used to map ARP information to the switch interface overflows, such as when under a spoofing attack. This results in traffic being broadcast to an eavesdropper, instead of being sent only on the relevant switch interface. To mitigate this type of problem, the developer coul
http://dev2dev.bea.com/pub/advisory/202http://osvdb.org/38500http://secunia.com/advisories/23750http://securitytracker.com/id?1017519http://www.securityfocus.com/bid/22082http://www.vupen.com/english/advisories/2007/0213http://dev2dev.bea.com/pub/advisory/202http://osvdb.org/38500http://secunia.com/advisories/23750http://securitytracker.com/id?1017519http://www.securityfocus.com/bid/22082http://www.vupen.com/english/advisories/2007/0213
2007-01-23
Published