CVE-2005-4766 Information

Description

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP5 and earlier do not encrypt multicast traffic which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.

Reference

http://dev2dev.bea.com/pub/advisory/157 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052