5

CVE-2003-1221

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BeaWeblogic Server Version7.0
BeaWeblogic Server Version7.0 Editionexpress
BeaWeblogic Server Version7.0 Editionwin32
BeaWeblogic Server Version7.0 Updatesp1
BeaWeblogic Server Version7.0 Updatesp1 Editionexpress
BeaWeblogic Server Version7.0 Updatesp1 Editionwin32
BeaWeblogic Server Version7.0 Updatesp2
BeaWeblogic Server Version7.0 Updatesp2 Editionexpress
BeaWeblogic Server Version7.0 Updatesp2 Editionwin32
BeaWeblogic Server Version7.0 Updatesp3
BeaWeblogic Server Version7.0 Updatesp3 Editionexpress
BeaWeblogic Server Version7.0 Updatesp3 Editionwin32
BeaWeblogic Server Version7.0 Updatesp4 Editionwin32
BeaWeblogic Server Version7.0.0.1
BeaWeblogic Server Version7.0.0.1 Editionexpress
BeaWeblogic Server Version7.0.0.1 Editionwin32
BeaWeblogic Server Version7.0.0.1 Updatesp1
BeaWeblogic Server Version7.0.0.1 Updatesp1 Editionexpress
BeaWeblogic Server Version7.0.0.1 Updatesp1 Editionwin32
BeaWeblogic Server Version7.0.0.1 Updatesp2
BeaWeblogic Server Version7.0.0.1 Updatesp2 Editionexpress
BeaWeblogic Server Version7.0.0.1 Updatesp2 Editionwin32
BeaWeblogic Server Version8.1
BeaWeblogic Server Version8.1 Editionexpress
BeaWeblogic Server Version8.1 Updatesp1
BeaWeblogic Server Version8.1 Updatesp1 Editionexpress
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.566
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N