Description
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
References (3)
Core 3
Core References
Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22082
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/201
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/45838
Scores
EPSS
0.0083
EPSS Percentile
74.8%
Details
CWE
CWE-310
Status
published
Products (4)
bea/weblogic_server
6.0
bea/weblogic_server
6.1 sp1 (7 CPE variants)
bea/weblogic_server
7.0 (8 CPE variants)
bea/weblogic_server
8.1 (6 CPE variants)
Published
Aug 31, 2007
Tracked Since
Feb 18, 2026