CVE-2007-4616
Summary
| CVE | CVE-2007-4616 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-31 00:17:00 UTC |
| Updated | 2018-10-26 14:03:00 UTC |
| Description | The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp1 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp2 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp3 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp4 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp5 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp6 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | All | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp1 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp1 | All | All |
| Application | Bea | Weblogic Server | 10.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | All | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp1 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp2 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp3 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp4 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp5 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp6 | All | All |
| Application | Bea | Weblogic Server | 7.0 | sp7 | All | All |
| Application | Bea | Weblogic Server | 8.1 | All | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp1 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp2 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp3 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp4 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp5 | All | All |
| Application | Bea | Weblogic Server | 8.1 | sp6 | All | All |
| Application | Bea | Weblogic Server | 9.0 | All | All | All |
| Application | Bea | Weblogic Server | 9.1 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | All | All | All |
| Application | Bea | Weblogic Server | 9.2 | mp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Third Party Advisory |
| Oracle Fusion Middleware Technologies | BEA | dev2dev.bea.com | Patch |
| BEA WebLogic Multiple Vulnerabilities and Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| WebLogic SSL Server May Use Null Encryption - SecurityTracker | SECTRACK | securitytracker.com | Third Party Advisory, VDB Entry |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.