This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.
The remote service is vulnerable to an impersonation attack.
The remote web server is running WebLogic.
There is a bug in this version that could allow an attacker to perform
a man-in-the-middle attack against the remote server by supplying a
An attacker with a legitimate certificate could use this flaw to
impersonate any other user on the remote server.
See also :
Upgrade to listed versions or higher, as it has been reported to fix
this vulnerability. Upgrades and/or patches are required as there are
no known workarounds.
WebLogic Server and Express 7.0 or 18.104.22.168:
- Apply Service Pack 2.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 7.0
Service Pack 2 version of the Plugin.
WebLogic Server and Express 6.1:
- Apply Service Pack 5.
- If using NSAPI Plugin, ISAPI Plugin, or Apache Plugin should upgrade to the 6.1
Service Pack 5 version of the Plugin.
WebLogic Server and Express 5.1:
- Apply Service Pack 13.
- Apply CR090101_src510 patch.
WebLogic Enterprise 5.1:
- Apply Rolling Patch 145 or later.
WebLogic Enterprise 5.0:
- Apply Rolling Patch 59 or later.
WebLogic Tuxedo 8.1:
- Apply Rolling Patch 12 or later.
WebLogic Tuxedo 8.0:
- Apply Rolling Patch 166 or later.
Risk factor :
Medium / CVSS Base Score : 6.4
Family: Web Servers
Nessus Plugin ID: 11628 ()
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.