Description
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/140
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/20094
Scores
EPSS
0.0026
EPSS Percentile
49.3%
Details
Status
published
Products (3)
bea/weblogic_server
6.1 (7 CPE variants)
bea/weblogic_server
7.0 (7 CPE variants)
bea/weblogic_server
8.1 (4 CPE variants)
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026