Vulnerability Details CVE-2007-0408
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://dev2dev.bea.com/pub/advisory/202
- http://osvdb.org/38500
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017519
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
- http://dev2dev.bea.com/pub/advisory/202
- http://osvdb.org/38500
- http://secunia.com/advisories/23750
- http://securitytracker.com/id?1017519
- http://www.securityfocus.com/bid/22082
- http://www.vupen.com/english/advisories/2007/0213
Products affected by CVE-2007-0408
-
cpe:2.3:a:bea:weblogic_server:5.1
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1