CVE-2007-4613

BEA WebLogic Server - Info Disclosure

Title source: llm

Description

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.

References (3)

Scores

EPSS 0.0065
EPSS Percentile 70.5%

Classification

CWE
CWE-310
Status draft

Affected Products (22)

bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
bea/weblogic_server
... and 7 more

Timeline

Published Aug 31, 2007
Tracked Since Feb 18, 2026