Vulnerability Description
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 6.1 |
References
- http://dev2dev.bea.com/pub/advisory/140PatchVendor Advisory
- http://www.osvdb.org/20094Patch
- http://dev2dev.bea.com/pub/advisory/140PatchVendor Advisory
- http://www.osvdb.org/20094Patch
FAQ
What is CVE-2005-4704?
CVE-2005-4704 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used ...
How severe is CVE-2005-4704?
CVE-2005-4704 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4704?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.