What is the severity of CVE-2005-4704?

CVE-2005-4704 is considered a moderate severity vulnerability that affects user credential security.

How does CVE-2005-4704 affect BEA WebLogic Server?

CVE-2005-4704 causes an unencrypted protocol to be used under certain circumstances, leading to user credentials being sent in plaintext.

Which versions of BEA WebLogic Server are affected by CVE-2005-4704?

CVE-2005-4704 affects BEA WebLogic Server versions 6.1 through SP7 and 7.0 through SP6, along with version 8.1 through SP3.

How do I fix CVE-2005-4704?

To fix CVE-2005-4704, upgrade to a patched version of BEA WebLogic Server that resolves this issue.

Is there any workaround for CVE-2005-4704?

A potential workaround for CVE-2005-4704 includes ensuring SSL is correctly configured to prevent the fallback to unencrypted protocols.

Vulnerability/
CVE-2005-4704

medium

CWE

NVD-CWE-Other

31/12/2005

1/2/2006

7/8/2024

CVE-2005-4704

First published: Sat Dec 31 2005(Updated: )

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Oracle WebLogic Server	=6.1-sp4
Oracle WebLogic Server	=8.1
Oracle WebLogic Server	=6.1-sp5
Oracle WebLogic Server	=6.1-sp6
Oracle WebLogic Server	=7.0-sp4
Oracle WebLogic Server	=7.0
Oracle WebLogic Server	=6.1-sp3
Oracle WebLogic Server	=7.0-sp6
Oracle WebLogic Server	=7.0-sp3
Oracle WebLogic Server	=8.1-sp3
Oracle WebLogic Server	=7.0-sp2
Oracle WebLogic Server	=7.0-sp5
Oracle WebLogic Server	=6.1-sp1
Oracle WebLogic Server	=8.1-sp2
Oracle WebLogic Server	=6.1
Oracle WebLogic Server	=7.0-sp1
Oracle WebLogic Server	=8.1-sp1
Oracle WebLogic Server	=6.1-sp2

Remedy

http://dev2dev.bea.com/pub/advisory/140

Remedy

http://www.osvdb.org/20094

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-4704?
CVE-2005-4704 is considered a moderate severity vulnerability that affects user credential security.
How does CVE-2005-4704 affect BEA WebLogic Server?
CVE-2005-4704 causes an unencrypted protocol to be used under certain circumstances, leading to user credentials being sent in plaintext.
Which versions of BEA WebLogic Server are affected by CVE-2005-4704?
CVE-2005-4704 affects BEA WebLogic Server versions 6.1 through SP7 and 7.0 through SP6, along with version 8.1 through SP3.
How do I fix CVE-2005-4704?
To fix CVE-2005-4704, upgrade to a patched version of BEA WebLogic Server that resolves this issue.
Is there any workaround for CVE-2005-4704?
A potential workaround for CVE-2005-4704 includes ensuring SSL is correctly configured to prevent the fallback to unencrypted protocols.

agent/references
agent/softwarecombine
agent/first-publish-date
agent/remedy
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/author
agent/last-modified-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/bea
canonical/oracle weblogic server
version/oracle weblogic server/6.1-sp4
version/oracle weblogic server/8.1
version/oracle weblogic server/6.1-sp5
version/oracle weblogic server/6.1-sp6
version/oracle weblogic server/7.0-sp4
version/oracle weblogic server/7.0
version/oracle weblogic server/6.1-sp3
version/oracle weblogic server/7.0-sp6
version/oracle weblogic server/7.0-sp3
version/oracle weblogic server/8.1-sp3
version/oracle weblogic server/7.0-sp2
version/oracle weblogic server/7.0-sp5
version/oracle weblogic server/6.1-sp1
version/oracle weblogic server/8.1-sp2
version/oracle weblogic server/6.1
version/oracle weblogic server/7.0-sp1
version/oracle weblogic server/8.1-sp1
version/oracle weblogic server/6.1-sp2

CVE-2005-4704

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-4704?

How does CVE-2005-4704 affect BEA WebLogic Server?

Which versions of BEA WebLogic Server are affected by CVE-2005-4704?

How do I fix CVE-2005-4704?

Is there any workaround for CVE-2005-4704?

Company

Resources

Contact