Qualys VM found the SSL Server Allows Anonymous Authentication Vulnerability on some servers. All solutions refer to Apache, IIS web servers, but not for WEBLOGIC.
Does somebody know how to correct this vuln in weblogic servers?
Detection of this vulnerability basically means that an attacker will be able to connect to the Server without using any authentication. How it detects this vulnerability has been broadly explained at https://community.qualys.com/docs/DOC-1097.
What operating system do you use? Have you enabled SSL support? Some SSL Ciphers allow anonymous authentication too. So choosing the right cipher suites and disabling null ciphers is the key to mitigating this vulnerability. You can do this from the admin console or Server > Configuration > SSL.
Best practices concise to your environment can be found here - http://docs.oracle.com/cd/E21764_01/web.1111/e13705/practices.htm
Hope this helps.
Retrieving data ...