CVE-2007-4615
Summary
| CVE | CVE-2007-4615 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-31 00:17:00 UTC |
| Updated | 2017-07-29 01:33:00 UTC |
| Description | The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | All | mp2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SSL clients may not find all possible cipher suites resulting in use of the default null cipher (no encryption) | BEA | dev2dev.bea.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| BEA WebLogic Multiple Vulnerabilities and Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities | BID | www.securityfocus.com | |
| WebLogic SSL Clients May Use Null Encryption - SecurityTracker | SECTRACK | securitytracker.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.