Description
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
References (6)
Core 6
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26539
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25472
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36322
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/244
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3008
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018619
Scores
EPSS
0.0089
EPSS Percentile
75.7%
Details
Status
published
Products (6)
bea/weblogic_server
7.0 sp7
bea/weblogic_server
8.1 sp2 (5 CPE variants)
bea/weblogic_server
9.0
bea/weblogic_server
9.1
bea/weblogic_server
10.0
bea/weblogic_server
< 9.2
Published
Aug 31, 2007
Tracked Since
Feb 18, 2026