CVE-2005-4766 — MEDIUM (5.4)

Vulnerability Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bea	Weblogic Server	7.0

References

http://dev2dev.bea.com/pub/advisory/157PatchVendor Advisory
http://secunia.com/advisories/17138PatchVendor Advisory
http://www.securityfocus.com/bid/15052Patch
http://dev2dev.bea.com/pub/advisory/157PatchVendor Advisory
http://secunia.com/advisories/17138PatchVendor Advisory
http://www.securityfocus.com/bid/15052Patch

FAQ

What is CVE-2005-4766?

CVE-2005-4766 is a vulnerability with a CVSS score of 5.4 (MEDIUM). BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization me...

How severe is CVE-2005-4766?

CVE-2005-4766 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-4766?

Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.