Vulnerability Description
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.0 |
| Oracle | Weblogic Portal | 8.0 |
References
- http://dev2dev.bea.com/pub/advisory/131Vendor Advisory
- http://secunia.com/advisories/15486Vendor Advisory
- http://securitytracker.com/id?1014049
- http://www.securityfocus.com/bid/13717
- http://www.vupen.com/english/advisories/2005/0608
- http://dev2dev.bea.com/pub/advisory/131Vendor Advisory
- http://secunia.com/advisories/15486Vendor Advisory
- http://securitytracker.com/id?1014049
- http://www.securityfocus.com/bid/13717
- http://www.vupen.com/english/advisories/2005/0608
FAQ
What is CVE-2005-1748?
CVE-2005-1748 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user ent...
How severe is CVE-2005-1748?
CVE-2005-1748 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1748?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server, Oracle Weblogic Portal.