CVE-2005-4749
BEA WebLogic Server and WebLogic Express - HTTP Request Smuggling
Title source: llmDescription
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.
References (5)
Core 5
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/159
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17163
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/177
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15052
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17138
Scores
EPSS
0.0177
EPSS Percentile
82.9%
Details
Status
published
Products (3)
bea/weblogic_server
6.1 (16 CPE variants)
bea/weblogic_server
7.0 (14 CPE variants)
bea/weblogic_server
8.1 (10 CPE variants)
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026