|
|
Info |
Last Modified |
| 8 months ago |
|
|
|
|
Description |
BEA WebLogic Server and Express contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the non-SSL port is specified for data transfer, which will disclose sensitive information resulting in a loss of confidentiality.
|
|
Classification |
Attack Type:
Information Disclosure
|
|
Technical |
A remote attacker could access WebLogic Server using SSL over the T3 protocol by specifing TS3 and requesting a non-SSL server port in the URL. This causes a connection to be established that is not encrypted, allowing an attacker to exploit this vulnerability by monitoring the network connection and obtaining sensitive information.
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, BEA has released a patch to address this vulnerability. Please refer to the original vendor advisory for more details.
|
|
Products |
|
WebLogic Server
 |
7.0 |
8.1 |
WebLogic Express
|
7.0 |
8.1 |
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
