CVE-2005-4705
First published: Sat Dec 31 2005(Updated: )
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp7 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp7 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2005-4705?
CVE-2005-4705 has a medium severity level due to its potential for remote exploitation.
How do I fix CVE-2005-4705?
To fix CVE-2005-4705, upgrade to a patched version of Oracle WebLogic Server that addresses this vulnerability.
What versions of WebLogic Server are affected by CVE-2005-4705?
CVE-2005-4705 affects WebLogic Server versions 6.1 SP1-SP7, 7.0 SP1-SP6, and 8.1 SP1-SP4.
Can exploitation of CVE-2005-4705 lead to data loss?
Yes, exploitation of CVE-2005-4705 can allow attackers to sniff sensitive data, potentially leading to data loss.
Is there a recommended mitigation for CVE-2005-4705?
In addition to upgrading, a recommended mitigation for CVE-2005-4705 is to enforce secure protocols for all connections to the server.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/6.1-sp4
- version/oracle weblogic server/6.1-sp5
- version/oracle weblogic server/6.1-sp6
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/6.1-sp1
- version/oracle weblogic server/6.1-sp7
- version/oracle weblogic server/6.1-sp3
- version/oracle weblogic server/7.0-sp6
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/6.1-sp2
- version/oracle weblogic server/7.0-sp1