Vulnerability Description
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jspPatch
- http://secunia.com/advisories/10725Patch
- http://www.kb.cert.org/vuls/id/858990Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9502Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15826
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jspPatch
- http://secunia.com/advisories/10725Patch
- http://www.kb.cert.org/vuls/id/858990Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/9502Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15826
FAQ
What is CVE-2004-1755?
CVE-2004-1755 is a vulnerability with a CVSS score of 7.5 (HIGH). The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the...
How severe is CVE-2004-1755?
CVE-2004-1755 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1755?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.