CVE-2007-0411
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/01/2007
Last modified:
08/03/2011
Description
BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:bea:weblogic_server:*:sp5:*:*:*:*:*:* | 8.1 (including) | |
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:bea:weblogic_server:9.2:ga:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page