Vulnerability Name: CVE-2006-2461 (CCN-26459)
Assigned: 2006-05-15
Published: 2006-05-15
Updated: 2017-07-20
Summary: BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Other
References:
Source: MITRE Type: CNA CVE-2006-2461
Source: BEA Type: Patch, Vendor Advisory BEA06-132.00
Source: CCN Type: SA20130 BEA WebLogic Server/Express Multiple Security Issues
Source: SECUNIA Type: Patch, Vendor Advisory 20130
Source: CCN Type: SECTRACK ID: 1016102 WebLogic Server Quality of Service Error Causes Transaction Coordinator Messages to Be Sent Unencrypted
Source: SECTRACK Type: Patch 1016102
Source: CCN Type: OSVDB ID: 25545 BEA WebLogic Client Connection Manager QoS Protocol Downgrade
Source: CCN Type: OSVDB ID: 45838 BEA WebLogic Server SSL MitM Plaintext Information Disclosure
Source: CCN Type: BID-17982 BEA WebLogic Multiple Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-1828
Source: XF Type: UNKNOWN weblogic-transaction-channel-insecure(26459)
Source: CCN Type: BEA Systems Inc. Security Advisory: (BEA06-132.00) Incorrect Quality of Service on some transaction coordination
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable