Vulnerability Description
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BEA | WebLogic Server | 7.0 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp (Patch, Vendor Advisory)
- http://secunia.com/advisories/11358 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1009765 (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/566390 (Patch, Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/10132 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15862
FAQ
What is CVE-2004-1756?
CVE-2004-1756 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager reject...
How severe is CVE-2004-1756?
CVE-2004-1756 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1756?
Check the references section above for vendor advisories and patch information. Affected products include: BEA WebLogic Server.