CVE-2007-4616Weblogic Server vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.9%
top 24.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedAug 31
Latest updateMay 1

Description

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDbea/weblogic_server6 versions+5

Patches

Patch: dev2dev.bea.comPatch: secunia.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-6cfv-xhhx-2j6w: The SSL server implementation in BEA WebLogic Server 72022-05-01
CVEList
CVE-2007-4616: The SSL server implementation in BEA WebLogic Server 72007-08-31
CVE-2007-4616 — BEA Weblogic Server vulnerability | cvebase