CGI abuses : WebLogic Server Invalid Certificate Chain

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55676

Categoría: CGI abuses

Título: WebLogic Server Invalid Certificate Chain

Resumen: NOSUMMARY

Descripción: Description:

The remote host, according to its banner, is running a
WebLogic Server vulnerable to spoofing attacks. When using
2-way SSL with a custom trust manager, the server may accept
a certificate chain evenif the the trust manager rejects
it, which allows remote attackers to spoof other users or
servers.

Solution : Apply the latest service pack.
For 8.1, apply SP2 or SP3 and then patch CR129371
For 7.0, apply SP5
http://dev2dev.bea.com/pub/advisory/27

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 10132
Common Vulnerability Exposure (CVE) ID: CVE-2004-1756
http://www.securityfocus.com/bid/10132
CERT/CC vulnerability note: VU#566390
http://www.kb.cert.org/vuls/id/566390
http://securitytracker.com/id?1009765
http://secunia.com/advisories/11358
XForce ISS Database: weblogic-trust-certificate-spoofing(15862)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15862

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55676
Categoría:	CGI abuses
Título:	WebLogic Server Invalid Certificate Chain
Resumen:	NOSUMMARY
Descripción:	Description: The remote host, according to its banner, is running a WebLogic Server vulnerable to spoofing attacks. When using 2-way SSL with a custom trust manager, the server may accept a certificate chain evenif the the trust manager rejects it, which allows remote attackers to spoof other users or servers. Solution : Apply the latest service pack. For 8.1, apply SP2 or SP3 and then patch CR129371 For 7.0, apply SP5 http://dev2dev.bea.com/pub/advisory/27 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 10132 Common Vulnerability Exposure (CVE) ID: CVE-2004-1756 http://www.securityfocus.com/bid/10132 CERT/CC vulnerability note: VU#566390 http://www.kb.cert.org/vuls/id/566390 http://securitytracker.com/id?1009765 http://secunia.com/advisories/11358 XForce ISS Database: weblogic-trust-certificate-spoofing(15862) https://exchange.xforce.ibmcloud.com/vulnerabilities/15862
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com