CVE-2005-4704

First published: Sat Dec 31 2005(Updated: )

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• collector/nvd-index
• agent/severity
• agent/references
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• agent/remedy
• agent/type
• agent/author
• agent/description
• agent/weakness
• agent/event
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/bea
• canonical/bea weblogic server
• version/bea weblogic server/6.1-sp4
• version/bea weblogic server/8.1
• version/bea weblogic server/6.1-sp5
• version/bea weblogic server/6.1-sp6
• version/bea weblogic server/7.0-sp4
• version/bea weblogic server/7.0
• version/bea weblogic server/6.1-sp3
• version/bea weblogic server/7.0-sp6
• version/bea weblogic server/7.0-sp3
• version/bea weblogic server/8.1-sp3
• version/bea weblogic server/7.0-sp2
• version/bea weblogic server/7.0-sp5
• version/bea weblogic server/6.1-sp1
• version/bea weblogic server/8.1-sp2
• version/bea weblogic server/6.1
• version/bea weblogic server/7.0-sp1
• version/bea weblogic server/8.1-sp1
• version/bea weblogic server/6.1-sp2