Vulnerability Details : CVE-2005-4749
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2005-4749
Probability of exploitation activity in the next 30 days: 0.33%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-4749
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-4749
-
http://dev2dev.bea.com/pub/advisory/159
Patch;Vendor Advisory
-
http://dev2dev.bea.com/pub/advisory/177
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/17163
Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/15052
Third Party Advisory;VDB Entry
Products affected by CVE-2005-4749
- cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:6.1:sp7:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:7.0:sp6:express:*:*:*:*:*