Vulnerability Name: | CVE-2007-4615 (CCN-36322)
Assigned: | 2007-08-28
Published: | 2007-08-28
Updated: | 2017-07-29
Summary: | The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2007-4615
Source: BEA Type: UNKNOWN BEA07-175.00
Source: CCN Type: SA26539 BEA WebLogic Multiple Vulnerabilities and Security Issues
Source: SECUNIA Type: Patch, Vendor Advisory 26539
Source: CCN Type: SECTRACK ID: 1018619 WebLogic SSL Clients May Use Null Encryption
Source: SECTRACK Type: UNKNOWN 1018619
Source: CCN Type: OSVDB ID: 38519 BEA WebLogic Server SSL Server Cipher Selection Fallback Weakness
Source: BID Type: UNKNOWN 25472
Source: CCN Type: BID-25472 BEA WebLogic Server Null Cipher Suite Multiple Information Disclosure Vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2007-3008
Source: XF Type: UNKNOWN weblogic-cipher-information-disclosure(36322)
Source: CCN Type: BEA07-175.00 SSL clients may not find all possible cipher suites resulting in use of the default null cipher (no encryption)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable