Vulnerabilities > CVE-2004-1756 - Unspecified vulnerability in BEA Weblogic Server 7.0/8.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 20 |