Описание
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-1756
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15862
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
- http://secunia.com/advisories/11358
- http://securitytracker.com/id?1009765
- http://www.kb.cert.org/vuls/id/566390
- http://www.securityfocus.com/bid/10132
EPSS
CVE ID
Связанные уязвимости
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
EPSS