CVE-2007-4613 — MEDIUM (6.8)

Vulnerability Description

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Bea	Weblogic Server	6.0

Related Weaknesses (CWE)

CWE-310

References

http://dev2dev.bea.com/pub/advisory/201PatchVendor Advisory
http://osvdb.org/45838Broken Link
http://www.securityfocus.com/bid/22082PatchThird Party AdvisoryVDB Entry
http://dev2dev.bea.com/pub/advisory/201PatchVendor Advisory
http://osvdb.org/45838Broken Link
http://www.securityfocus.com/bid/22082PatchThird Party AdvisoryVDB Entry

FAQ

What is CVE-2007-4613?

CVE-2007-4613 is a vulnerability with a CVSS score of 6.8 (MEDIUM). SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle at...

How severe is CVE-2007-4613?

CVE-2007-4613 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4613?

Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.