CVE

Id
10183  
CVE No.
CVE-2004-1755  
Status
Candidate  
Description
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.  
Phase
Assigned (20050310)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
69990 10183 CVE-2004-1755 CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_47.00.jsp  View
69991 10183 CVE-2004-1755 CERT-VN:VU#858990  View
69992 10183 CVE-2004-1755 URL:http://www.kb.cert.org/vuls/id/858990  View
69993 10183 CVE-2004-1755 BID:9502  View
69994 10183 CVE-2004-1755 URL:http://www.securityfocus.com/bid/9502  View
69995 10183 CVE-2004-1755 SECUNIA:10725  View
69996 10183 CVE-2004-1755 URL:http://secunia.com/advisories/10725  View
69997 10183 CVE-2004-1755 XF:weblogic-multiple-connection-gain-access(15826)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
62797 JVNDB-2004-000138 BEA WebLogic Server の Custom Trust Manager におけるなりすましの脆弱性 BEA WebLogic Server には、証明書連鎖が有効であると判断され、かつ、Custom Trust Manager で証明書連鎖を拒否すると、その後の証明書連鎖が有効と判断されてしまう不備が存在するため、正当なユーザへのなりすましを行われる脆弱性が存在します。 CVE-2004-1756 10183 5 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000138.html  View