OpenCVE

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bea	Weblogic Server

Configuration 1 [-]

OR	cpe:2.3:a:bea:weblogic_server::mp2::::::*
	cpe:2.3:a:bea:weblogic_server:7.0:sp7::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp3::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp4::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp5::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp6::::::
	cpe:2.3:a:bea:weblogic_server:9.0:::::::*
	cpe:2.3:a:bea:weblogic_server:9.1:::::::*
	cpe:2.3:a:bea:weblogic_server:10.0:::::::*

No data.

References

Link	Providers
http://dev2dev.bea.com/pub/advisory/244
http://secunia.com/advisories/26539
http://securitytracker.com/id?1018619
http://www.securityfocus.com/bid/25472
http://www.vupen.com/english/advisories/2007/3008
https://exchange.xforce.ibmcloud.com/vulnerabilities/36322

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-31T00:00:00

Updated: 2024-08-07T15:01:09.673Z

Reserved: 2007-08-30T00:00:00

Link: CVE-2007-4615

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-31T00:17:00.000

Modified: 2024-11-21T00:36:01.450

Link: CVE-2007-4615

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26539", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "tags": ["vendor-advisory", "x_refsource_BEA"], "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4615", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26539", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "refsource": "BEA", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.673Z"}, "title": "CVE Program Container", "references": [{"name": "26539", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26539"}, {"name": "BEA07-175.00", "tags": ["vendor-advisory", "x_refsource_BEA", "x_transferred"], "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"name": "25472", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25472"}, {"name": "ADV-2007-3008", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"name": "1018619", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018619"}, {"name": "weblogic-cipher-information-disclosure(36322)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4615", "datePublished": "2007-08-31T00:00:00", "dateReserved": "2007-08-30T00:00:00", "dateUpdated": "2024-08-07T15:01:09.673Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bea:weblogic_server:*:mp2:*:*:*:*:*:*", "matchCriteriaId": "C2A3768A-527C-4CDA-A544-E34AD84D8B8A", "versionEndIncluding": "9.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*", "matchCriteriaId": "F5D61A68-E83A-4374-832A-C9A2FEA0AD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "9429D939-FCC4-4BA7-90C4-BBEECE7309D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*", "matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*", "matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."}, {"lang": "es", "value": "La implementaci\u00f3n del cliente SSL en el BEA WebLogic Server 7.0 SP7, el 8.1 SP2 hasta el SP6, el 9.0, el 9.1, el 9.2 Gold hasta el MP2 y el 10.0, selecciona algunas veces una clave nula cuando otras est\u00e1n habilitadas, lo que puede permitir a atacantes remotos interceptar las comunicaciones."}], "id": "CVE-2007-4615", "lastModified": "2024-11-21T00:36:01.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-31T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26539"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018619"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25472"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev2dev.bea.com/pub/advisory/244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26539"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}