CVE-2007-0411 Information

Description

BEA WebLogic Server 8.1 through 8.1 SP5 9.0 9.1 and 9.2 Gold when WS-Security is used does not properly validate certificates which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

Reference

http://dev2dev.bea.com/pub/advisory/205 http://osvdb.org/38503 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213