ByteOS Network

Vulnerability Details :

CVE-2007-4616

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-31 Aug, 2007 | 00:00

Updated At-07 Aug, 2024 | 15:01

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:31 Aug, 2007 | 00:00

Updated At:07 Aug, 2024 | 15:01

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/26539	third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/36320	vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/25472	vdb-entry x_refsource_BID
http://securitytracker.com/id?1018620	vdb-entry x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3008	vdb-entry x_refsource_VUPEN
http://dev2dev.bea.com/pub/advisory/245	vendor-advisory x_refsource_BEA

Hyperlink: http://secunia.com/advisories/26539

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36320

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/25472

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://securitytracker.com/id?1018620

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://www.vupen.com/english/advisories/2007/3008

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://dev2dev.bea.com/pub/advisory/245

Resource:

vendor-advisory

x_refsource_BEA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/26539	third-party-advisory x_refsource_SECUNIA x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/36320	vdb-entry x_refsource_XF x_transferred
http://www.securityfocus.com/bid/25472	vdb-entry x_refsource_BID x_transferred
http://securitytracker.com/id?1018620	vdb-entry x_refsource_SECTRACK x_transferred
http://www.vupen.com/english/advisories/2007/3008	vdb-entry x_refsource_VUPEN x_transferred
http://dev2dev.bea.com/pub/advisory/245	vendor-advisory x_refsource_BEA x_transferred

Hyperlink: http://secunia.com/advisories/26539

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36320

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.securityfocus.com/bid/25472

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://securitytracker.com/id?1018620

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2007/3008

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://dev2dev.bea.com/pub/advisory/245

Resource:

vendor-advisory

x_refsource_BEA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:31 Aug, 2007 | 00:17

Updated At:26 Oct, 2018 | 14:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N

Type: Primary

Version: 2.0

Base score: 6.4

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:N

CPE Matches

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>7.0

cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>9.0

cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>9.1

cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>9.2

cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>9.2

cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>10.0

cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://dev2dev.bea.com/pub/advisory/245	cve@mitre.org	Patch
http://secunia.com/advisories/26539	cve@mitre.org	Patch Vendor Advisory
http://securitytracker.com/id?1018620	cve@mitre.org	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/25472	cve@mitre.org	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2007/3008	cve@mitre.org	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/36320	cve@mitre.org	Third Party Advisory VDB Entry

Hyperlink: http://dev2dev.bea.com/pub/advisory/245

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://secunia.com/advisories/26539

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://securitytracker.com/id?1018620

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securityfocus.com/bid/25472

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.vupen.com/english/advisories/2007/3008

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/36320

Source: cve@mitre.org

Resource:

Third Party Advisory

VDB Entry

Similar CVEs

3Records found

CVE-2010-2375

Matching Score-8

Assigner-Oracle

View Details

Matching Score-8

Assigner-Oracle

CVSS Score-6.4||MEDIUM

EPSS-16.17% / 94.55%

7 Day CHG~0.00%

Published-13 Jul, 2010 | 22:07

Updated-11 Apr, 2025 | 00:51

Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.

Vendor-n/a Oracle Corporation BEA Systems, Inc.

Product-weblogic_server n/a

CVE-2007-4615

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-6.4||MEDIUM

EPSS-0.72% / 71.60%

7 Day CHG~0.00%

Published-31 Aug, 2007 | 00:00

Updated-07 Aug, 2024 | 15:01

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

Vendor-n/a BEA Systems, Inc.

Product-weblogic_server n/a

CVE-2008-0895

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-6.4||MEDIUM

EPSS-0.38% / 58.74%

7 Day CHG~0.00%

Published-22 Feb, 2008 | 21:00

Updated-07 Aug, 2024 | 08:01

BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

Vendor-n/a BEA Systems, Inc.

Product-weblogic_server n/a

CWE ID-CWE-287

Improper Authentication

CVE-2007-4616

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs