CVE-2007-0408 in WebLogicinfo

Summary

BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

01/22/2007

Disclosure

01/22/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
2860BEA WebLogic JRockit memory corruption119Proof-of-ConceptOfficial fixCVE-2007-0408
2859BEA WebLogic Profile Remote Code Execution
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2858BEA WebLogic Sockets denial of service404Proof-of-ConceptOfficial fixCVE-2007-0408
2857BEA WebLogic HTTP Request denial of service404Proof-of-ConceptOfficial fixCVE-2007-0408
2856BEA WebLogic HTTP Request Remote Code Execution
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2855BEA WebLogic EJB Remote Code Execution
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2854BEA WebLogic EJB Remote Code Execution
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2853BEA WebLogic WSSE Certificate Local Privilege Escalation
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2852BEA WebLogic Access Control Update Local Privilege Escalation
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2851BEA WebLogic web.xml denial of service404Proof-of-ConceptOfficial fixCVE-2007-0408
2850BEA WebLogic Backup config.xml missing encryption311Proof-of-ConceptOfficial fixCVE-2007-0408
2849BEA WebLogic ear File information disclosure200Proof-of-ConceptOfficial fixCVE-2007-0408
2848BEA WebLogic WS-Security Remote Code Execution
 
Proof-of-ConceptOfficial fixCVE-2007-0408
2847BEA WebLogic Thread Management denial of service404Proof-of-ConceptOfficial fixCVE-2007-0408
2846BEA WebLogic JDBCDataSourceFactory missing encryption311Proof-of-ConceptOfficial fixCVE-2007-0408
2844BEA WebLogic SSL missing encryption311Proof-of-ConceptOfficial fixCVE-2007-0408

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!