This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.
The remote service is vulnerable to an impersonation attack.
The remote web server is running WebLogic.
There is a bug in this version that could allow an attacker to perform
a man-in-the-middle attack against the remote server by supplying a
An attacker with a legitimate certificate could use this flaw to
impersonate any other user on the remote server.
See also :
Upgrade to listed versions or higher, as it has been reported to fix
this vulnerability. Upgrades and/or patches are required as there are
no known workarounds.
WebLogic Server and Express 7.0 or 220.127.116.11:
- Apply Service Pack 2.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 7.0
Service Pack 2 version of the Plugin.
WebLogic Server and Express 6.1:
- Apply Service Pack 5.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 6.1
Service Pack 5 version of the Plugin.
WebLogic Server and Express 5.1:
- Apply Service Pack 13.
- Apply CR090101_src510 patch.
WebLogic Enterprise 5.1:
- Apply Rolling Patch 145 or later.
WebLogic Enterprise 5.0:
- Apply Rolling Patch 59 or later.
WebLogic Tuxedo 8.1:
- Apply Rolling Patch 12 or later.
WebLogic Tuxedo 8.0:
- Apply Rolling Patch 166 or later.
Risk factor :
Medium / CVSS Base Score : 6.4