Vulnerability Details CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp
- http://secunia.com/advisories/10725
- http://www.kb.cert.org/vuls/id/858990
- http://www.securityfocus.com/bid/9502
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15826
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp
- http://secunia.com/advisories/10725
- http://www.kb.cert.org/vuls/id/858990
- http://www.securityfocus.com/bid/9502
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15826
Products affected by CVE-2004-1755
-
cpe:2.3:a:bea:weblogic_server:7.0