Vulnerability Description
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 8.1 |
References
- http://dev2dev.bea.com/pub/advisory/194PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016102Patch
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26459
- http://dev2dev.bea.com/pub/advisory/194PatchVendor Advisory
- http://secunia.com/advisories/20130PatchVendor Advisory
- http://securitytracker.com/id?1016102Patch
- http://www.vupen.com/english/advisories/2006/1828
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26459
FAQ
What is CVE-2006-2461?
CVE-2006-2461 is a vulnerability with a CVSS score of 5.0 (MEDIUM). BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote a...
How severe is CVE-2006-2461?
CVE-2006-2461 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2461?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.