CVE-2004-1756 - Unspecified vulnerability in BEA Weblogic Server 7.0/8.1
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 20 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
- http://secunia.com/advisories/11358
- http://securitytracker.com/id?1009765
- http://www.kb.cert.org/vuls/id/566390
- http://www.securityfocus.com/bid/10132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15862