CVE Vulnerabilities

CVE-2007-4615

Published: Aug 31, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea * 9.2 (including)
Weblogic_server Bea 7.0-sp7 (including) 7.0-sp7 (including)
Weblogic_server Bea 8.1-sp2 (including) 8.1-sp2 (including)
Weblogic_server Bea 8.1-sp3 (including) 8.1-sp3 (including)
Weblogic_server Bea 8.1-sp4 (including) 8.1-sp4 (including)
Weblogic_server Bea 8.1-sp5 (including) 8.1-sp5 (including)
Weblogic_server Bea 8.1-sp6 (including) 8.1-sp6 (including)
Weblogic_server Bea 9.0 (including) 9.0 (including)
Weblogic_server Bea 9.1 (including) 9.1 (including)
Weblogic_server Bea 10.0 (including) 10.0 (including)

References