Strix
26.1K

CVE-2005-4705

UnknownEPSS 1.88%

Last modified

CVE-2005-4705 is a vulnerability of currently unknown severity. BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.. EPSS estimates a 1.88% chance of exploitation in the next 30 days.

Description

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.

Metrics

EPSS Probability
1.88%

76.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersionsUpdate
BeaWeblogic Server6.1Sp1
BeaWeblogic Server7.0Sp1
BeaWeblogic Server8.1Sp1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2005-4705?
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
How severe is CVE-2005-4705?
Severity scoring for CVE-2005-4705 is pending analysis. The EPSS model estimates a 1.88% probability of exploitation in the next 30 days.
How do I fix CVE-2005-4705?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-4705?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST