CVE-2007-4613: Weblogic Server vulnerability

3 documents, 3 sources
Severity: 6.8 MEDIUM (NVD), 5.0 (CNA)
EPSS: 0.7% (top 29.06%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 31
Latest update: May 1

Description

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: bea/weblogic_server (4 versions, +3)

Patches

Vulnerability Details (2)

GHSA: GHSA-cgvm-pqx4-697h: SSL libraries in BEA WebLogic Server 6 (2022-05-01)
CVEList: CVE-2007-4613: SSL libraries in BEA WebLogic Server 6 (2007-08-31)
CVE-2007-4613 — BEA Weblogic Server vulnerability | cvebase