CVE-2007-4615

BEA WebLogic Server - Info Disclosure

Title source: llm

Description

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

References (6)

[Patch, Vendor Advisory] http://secunia.com/advisories/26539

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25472

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36322

[Vendor Advisory] http://dev2dev.bea.com/pub/advisory/244

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1018619

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3008

Scores

EPSS 0.0077

EPSS Percentile 73.2%

Classification

Status draft

Affected Products (10)

bea/weblogic_server < 9.2

bea/weblogic_server

Timeline

Published Aug 31, 2007

Tracked Since Feb 18, 2026