CVE-2007-4616 : The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold thro

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.

Published 2007-08-31 00:17:00

Updated 2018-10-26 14:03:30

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-4616

Probability of exploitation activity in the next 30 days: 0.80%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-4616

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2007-4616

http://dev2dev.bea.com/pub/advisory/245

Patch
http://www.securityfocus.com/bid/25472

Third Party Advisory;VDB Entry

CVEs referencing this url
http://securitytracker.com/id?1018620

Third Party Advisory;VDB Entry
http://www.vupen.com/english/advisories/2007/3008

Third Party Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/36320

Third Party Advisory;VDB Entry

Products affected by CVE-2007-4616

BEA » Weblogic Server » Version: 7.0
cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP2
cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP1
cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP3
cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP3
cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP5
cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP2
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP4
cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP1
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP4
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP6
cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 7.0 Update SP7
cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP5
cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 9.0
cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 9.1
cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 9.2
cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP6
cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 10.0
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 9.2 Update MP1
cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-4616

Exploit prediction scoring system (EPSS) score for CVE-2007-4616

CVSS scores for CVE-2007-4616

References for CVE-2007-4616

Products affected by CVE-2007-4616