BEA WebLogic Server and WebLogic Express 8.1 SP2 and previous versions, and 7.0 SP4 and previous versions, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote malicious users to spoof other users or servers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic server 8.1 |
||
bea weblogic server 7.0 |