|
BEA WebLogic Certificate Chain Validation Vulnerability
|
|
Secunia Advisory:
|
SA8778
|
|
|
Release Date:
|
2003-05-14
|
|
Popularity:
|
9,331 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Spoofing
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | BEA Tuxedo 8.x
BEA WebLogic Enterprise 5.x
BEA WebLogic Express 5.x
BEA WebLogic Express 6.x
BEA WebLogic Express 7.x
BEA WebLogic Server 5.x
BEA WebLogic Server 6.x
BEA WebLogic Server 7.x
BEA WebLogic Server 8.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability has been identified in BEA WebLogic and BEA Tuxedo allowing malicious people to spoof an identity. This vulnerability is similar to the certificate chain vulnerability found in Microsoft Windows and other products last year.
The problem is that the holder of a valid certificate can sign a fake certificate. The SSL implementation will then mistake the fake certificate as being issued by the CA (Certificate Authority) of the valid certificate.
Tuxedo and WebLogic therefore can't properly verify the authenticity of any client or server they communicate with using SSL based protocols.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
