Lucene search

[email protected]CVE-2007-4616

HistoryAug 31, 2007 - 12:17 a.m.

CVE-2007-4616

2007-08-3100:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

bea weblogic

ssl

server

implementation

vulnerability

nvd

cve-2007-4616

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq7.0
bea:weblogic_serverbea weblogic servereq8.1
bea:weblogic_serverbea weblogic servereq9.0
bea:weblogic_serverbea weblogic servereq9.2
bea:weblogic_serverbea weblogic servereq9.1
bea:weblogic_serverbea weblogic servereq10.0

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	7.0
bea:weblogic_server	bea weblogic server	eq	8.1
bea:weblogic_server	bea weblogic server	eq	9.0
bea:weblogic_server	bea weblogic server	eq	9.2
bea:weblogic_server	bea weblogic server	eq	9.1
bea:weblogic_server	bea weblogic server	eq	10.0

References

dev2dev.bea.com/pub/advisory/245

secunia.com/advisories/26539

securitytracker.com/id?1018620

www.securityfocus.com/bid/25472

www.vupen.com/english/advisories/2007/3008

exchange.xforce.ibmcloud.com/vulnerabilities/36320

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for CVE-2007-4616

prion1 cvelist1