{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26539", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "tags": ["vendor-advisory", "x_refsource_BEA"], "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4615", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26539", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.673Z"}, "title": "CVE Program Container", "references": [{"name": "26539", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "tags": ["vendor-advisory", "x_refsource_BEA", "x_transferred"], "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4615", "datePublished": "2007-08-31T00:00:00", "dateReserved": "2007-08-30T00:00:00", "dateUpdated": "2024-08-07T15:01:09.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:*:mp2:*:*:*:*:*:*", "matchCriteriaId": "C2A3768A-527C-4CDA-A544-E34AD84D8B8A", "versionEndIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}, {"lang": "es", "value": "La implementaci\u00f3n del cliente SSL en el BEA WebLogic Server 7.0 SP7, el 8.1 SP2 hasta el SP6, el 9.0, el 9.1, el 9.2 Gold hasta el MP2 y el 10.0, selecciona algunas veces una clave nula cuando otras est\u00e1n habilitadas, lo que puede permitir a atacantes remotos interceptar las comunicaciones."}], "id": "CVE-2007-4615", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-31T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26539"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018619"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25472"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26539"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}