1. CVE-Search
  2. CVE-2003-1221
ID CVE-2003-1221
Summary BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
References
Vulnerable Configurations
  • cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-09-2008 - 19:22)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bea BEA03-40.00
bid 9034
Last major update 10-09-2008 - 19:22
Published 31-12-2003 - 05:00
Last modified 10-09-2008 - 19:22
Back to Top