PT-2007-5775 · Bea · Bea Weblogic Server

Published: 2007-08-31 · Updated: 2017-07-29 · CVE-2007-4615

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 7.0 SP7, 8.1 SP2 through 8.1 SP6, 9.0, 9.1, 9.2 Gold through 9.2 MP2, 10.0

Description

The SSL client implementation in the affected software sometimes selects the null cipher when others are available. This could allow remote attackers to intercept communications.

Recommendations

For BEA WebLogic Server version 7.0 SP7, update the SSL client configuration to avoid selecting the null cipher.

For BEA WebLogic Server versions 8.1 SP2 through 8.1 SP6, update the SSL client configuration to avoid selecting the null cipher.

For BEA WebLogic Server versions 9.0, 9.1, 9.2 Gold through 9.2 MP2, 10.0, update the SSL client configuration to avoid selecting the null cipher.

As a temporary workaround, consider disabling the SSL client implementation until a patch is available. Restrict access to sensitive communications to minimize the risk of interception.

Fix

Related identifiers

CVE-2007-4615

Affected products

Bea Weblogic Server