CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1756

BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 81.9%

CVSS Severity

CVSS v2 Score 5.0

References

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
http://secunia.com/advisories/11358
http://securitytracker.com/id?1009765
http://www.kb.cert.org/vuls/id/566390
http://www.securityfocus.com/bid/10132
https://exchange.xforce.ibmcloud.com/vulnerabilities/15862
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
http://secunia.com/advisories/11358
http://securitytracker.com/id?1009765
http://www.kb.cert.org/vuls/id/566390
http://www.securityfocus.com/bid/10132
https://exchange.xforce.ibmcloud.com/vulnerabilities/15862

Products affected by CVE-2004-1756

Bea » Weblogic Server » Version: 7.0

cpe:2.3:a:bea:weblogic_server:7.0
Bea » Weblogic Server » Version: 8.1

cpe:2.3:a:bea:weblogic_server:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1756

Products

Pricing

Contact Us