Description
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
Product(s):
- BEA Systems WebLogic Server 8.1
- BEA WebLogic Server 8.1 Express Edition
- BEA WebLogic Server 8.1 on Win32
- BEA Systems WebLogic Server 8.1 SP1
- BEA Systems WebLogic Express 8.1 SP1
- BEA Systems WebLogic Server 8.1 SP1 Win32
- BEA Systems WebLogic Server 8.1 SP2
- BEA Systems WebLogic Express 8.1 SP2
- BEA Systems WebLogic Server 8.1 SP2 Win32
- BEA Systems WebLogic Server 8.1 SP3
- BEA Systems WebLogic Express 8.1 SP3
- BEA Systems WebLogic Server 8.1 SP3 Win32
- BEA Systems WebLogic Server 8.1 SP4
- BEA Systems WebLogic Express 8.1 SP4
- BEA Systems WebLogic Server 8.1 SP4 Win32
- BEA Systems WebLogic Server 8.1 SP5
- BEA Systems WebLogic Express 8.1 SP5
- BEA Systems WebLogic Server 8.1 SP5 Win32
- BEA Systems WebLogic Server 8.1 SP6
- BEA Systems WebLogic Express 8.1 SP6
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2424, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2424 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.