7.5
CVE-2007-0408
- EPSS 1%
- Veröffentlicht 23.01.2007 00:28:00
- Zuletzt bearbeitet 16.06.2026 22:35:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bea ≫ Weblogic Server Updatesp4 Version <= 8.1
Bea ≫ Weblogic Server Version8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1% | 0.581 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://dev2dev.bea.com/pub/advisory/202
http://osvdb.org/38500
http://secunia.com/advisories/23750
http://securitytracker.com/id?1017519
http://www.securityfocus.com/bid/22082
http://www.vupen.com/english/advisories/2007/0213