What is the severity of CVE-2003-1221?

CVE-2003-1221 has a high severity rating due to potential unauthorized access through non-SSL connections.

How do I fix CVE-2003-1221?

To fix CVE-2003-1221, ensure that T3 over SSL is correctly configured and users are directed to the secure T3s port.

What is the impact of CVE-2003-1221?

The impact of CVE-2003-1221 allows attackers to sniff sessions and potentially intercept sensitive data transmitted over an insecure connection.

Which versions of software are affected by CVE-2003-1221?

CVE-2003-1221 affects BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1.

Can CVE-2003-1221 be exploited remotely?

Yes, CVE-2003-1221 can be exploited remotely if an attacker sends requests to the insecure T3 port.

Vulnerability/
CVE-2003-1221

medium

CWE

NVD-CWE-Other

31/12/2003

16/8/2005

8/8/2024

CVE-2003-1221

First published: Wed Dec 31 2003(Updated: )

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0.0.1-sp1
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=7.0.0.1-sp1
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0.0.1
Oracle WebLogic Server	=7.0.0.1-sp2
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=7.0-sp4
Oracle WebLogic Server	=7.0.0.1-sp2
Oracle WebLogic Server	=7.0.0.1-sp2
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=7.0.0.1
Oracle WebLogic Server	=7.0.0.1
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=7.0.0.1-sp1
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=8.1-sp1

Remedy

http://www.securityfocus.com/bid/9034

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-1221?
CVE-2003-1221 has a high severity rating due to potential unauthorized access through non-SSL connections.
How do I fix CVE-2003-1221?
To fix CVE-2003-1221, ensure that T3 over SSL is correctly configured and users are directed to the secure T3s port.
What is the impact of CVE-2003-1221?
The impact of CVE-2003-1221 allows attackers to sniff sessions and potentially intercept sensitive data transmitted over an insecure connection.
Which versions of software are affected by CVE-2003-1221?
CVE-2003-1221 affects BEA WebLogic Express and Server versions 7.0 through 8.1 SP 1.
Can CVE-2003-1221 be exploited remotely?
Yes, CVE-2003-1221 can be exploited remotely if an attacker sends requests to the insecure T3 port.

agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
vendor/bea
vendor/weblogic server
agent/software-canonical-lookup-request
collector/nvd-index
canonical/oracle weblogic server
version/oracle weblogic server/8.1
version/oracle weblogic server/7.0-sp2
version/oracle weblogic server/7.0
version/oracle weblogic server/7.0.0.1-sp1
version/oracle weblogic server/7.0-sp3
version/oracle weblogic server/7.0.0.1
version/oracle weblogic server/7.0.0.1-sp2
version/oracle weblogic server/7.0-sp1
version/oracle weblogic server/7.0-sp4
version/oracle weblogic server/8.1-sp1