Vulnerability Description
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| BEA | WebLogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/245 (Patch)
- http://secunia.com/advisories/26539 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1018620 (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/25472 (Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2007/3008 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36320 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2007-4616?
CVE-2007-4616 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is comp...
How severe is CVE-2007-4616?
CVE-2007-4616 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4616?
Check the references section above for vendor advisories and patch information. Affected products include: BEA WebLogic Server.