CVE-2007-4615Weblogic Server vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.8%
top 26.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedAug 31
Latest updateMay 1

Description

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-7jhf-r279-2cjx: The SSL client implementation in BEA WebLogic Server 72022-05-01
CVEList
CVE-2007-4615: The SSL client implementation in BEA WebLogic Server 72007-08-31
CVE-2007-4615 — BEA Weblogic Server vulnerability | cvebase