CVE-2007-0408

EPSS 0.85%
Published 23.01.2007 00:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Updatesp4 Version <= 8.1

Bea ≫ Weblogic Server Version8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.85%	0.741

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://dev2dev.bea.com/pub/advisory/202

Patch

Vendor Advisory

http://osvdb.org/38500

http://secunia.com/advisories/23750

http://securitytracker.com/id?1017519

http://www.securityfocus.com/bid/22082

http://www.vupen.com/english/advisories/2007/0213

https://nvd.nist.gov/vuln/detail/CVE-2007-0408

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0408

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0408

EUVD