
31/8/2007

7/8/2024
CVE-2007-4616
First published: Fri Aug 31 2007 (Updated: )
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle WebLogic Server | =7.0 | |
Oracle WebLogic Server | =7.0-sp1 | |
Oracle WebLogic Server | =7.0-sp2 | |
Oracle WebLogic Server | =7.0-sp3 | |
Oracle WebLogic Server | =7.0-sp4 | |
Oracle WebLogic Server | =7.0-sp5 | |
Oracle WebLogic Server | =7.0-sp6 | |
Oracle WebLogic Server | =7.0-sp7 | |
Oracle WebLogic Server | =8.1 | |
Oracle WebLogic Server | =8.1-sp1 | |
Oracle WebLogic Server | =8.1-sp2 | |
Oracle WebLogic Server | =8.1-sp3 | |
Oracle WebLogic Server | =8.1-sp4 | |
Oracle WebLogic Server | =8.1-sp5 | |
Oracle WebLogic Server | =8.1-sp6 | |
Oracle WebLogic Server | =9.0 | |
Oracle WebLogic Server | =9.1 | |
Oracle WebLogic Server | =9.2 | |
Oracle WebLogic Server | =9.2-mp1 | |
Oracle WebLogic Server | =10.0 | |
Frequently Asked Questions
What is the severity of CVE-2007-4616?
CVE-2007-4616 has a medium severity rating due to potential exposure of sensitive data.
How do I fix CVE-2007-4616?
Fix CVE-2007-4616 by upgrading to a patched version of Oracle WebLogic Server that no longer uses the null cipher.
Which versions of WebLogic Server are affected by CVE-2007-4616?
CVE-2007-4616 affects multiple versions including WebLogic Server 7.0 through 10.0.
Can CVE-2007-4616 allow attackers to intercept communications?
Yes, CVE-2007-4616 may allow remote attackers to intercept communications due to the null cipher selection.
What are the best practices to mitigate CVE-2007-4616?
To mitigate CVE-2007-4616, ensure strong cipher suites are configured and regularly update to the latest security patches.