CVE-2005-4766
First published: Sat Dec 31 2005(Updated: )
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4766?
CVE-2005-4766 has been classified as a high severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2005-4766?
To fix CVE-2005-4766, you should upgrade to a version of BEA WebLogic Server that encrypts multicast traffic.
What versions are affected by CVE-2005-4766?
CVE-2005-4766 affects BEA WebLogic Server versions 8.1 SP4 and earlier, and 7.0 SP5 and earlier.
What potential risks are associated with CVE-2005-4766?
The primary risk of CVE-2005-4766 is that remote attackers could intercept and read sensitive cluster synchronization messages.
Is there a workaround for CVE-2005-4766?
While the recommended solution is to upgrade, temporarily restricting multicast traffic may mitigate some risks associated with CVE-2005-4766.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/7.0
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/7.0-sp1