CVE-2006-2461

high

Description

BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/26459

http://www.vupen.com/english/advisories/2006/1828

http://securitytracker.com/id?1016102

http://secunia.com/advisories/20130

http://dev2dev.bea.com/pub/advisory/194

Details

Source: Mitre, NVD

Published: 2006-05-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00378