PT-2007-5776 · Bea · Bea Weblogic Server

Published: 2007-08-31 · Updated: 2018-10-26 · CVE-2007-4616

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 7.0 Gold through SP7
BEA WebLogic Server versions 8.1 Gold through SP6
BEA WebLogic Server version 9.0
BEA WebLogic Server version 9.1
BEA WebLogic Server versions 9.2 Gold through MP1
BEA WebLogic Server version 10.0

Description

The SSL server implementation in the affected software sometimes selects the null cipher when no other cipher is compatible between the server and client. This might allow remote attackers to intercept communications.

Recommendations

For BEA WebLogic Server versions 7.0 Gold through SP7, update to a version that selects a secure cipher by default.
For BEA WebLogic Server versions 8.1 Gold through SP6, update to a version that selects a secure cipher by default.
For BEA WebLogic Server version 9.0, update to a version that selects a secure cipher by default.
For BEA WebLogic Server version 9.1, update to a version that selects a secure cipher by default.
For BEA WebLogic Server versions 9.2 Gold through MP1, update to a version that selects a secure cipher by default.
For BEA WebLogic Server version 10.0, update to a version that selects a secure cipher by default.
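
As a detection aid for the behaviour in the Description, the following added example (not code from this advisory or from the vendor) reads the cipher suite a server selected in a captured ServerHello record and reports it when its bulk encryption is NULL. The function names and sample records are constructed for illustration; the suite values are the IANA-registered ones, since the advisory does not say which null suite is chosen.

```python
import struct

# IANA cipher suite values whose bulk encryption is NULL (records sent in plaintext).
NULL_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x003B: "TLS_RSA_WITH_NULL_SHA256",
}

def selected_suite(record: bytes) -> int:
    """Return the cipher suite chosen in a ServerHello carried by one SSL/TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen:
        raise ValueError("not a complete handshake record")
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("first handshake message is not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) < 35:  # server_version(2) + random(32) + session_id length(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 3:  # cipher_suite(2) + compression_method(1)
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def null_cipher_finding(record: bytes):
    """Name of the NULL suite the server selected, or None if it encrypts."""
    return NULL_SUITES.get(selected_suite(record))

def build_server_hello(suite: int, version: int = 0x0301, session_id: bytes = b"") -> bytes:
    """Construct a sample ServerHello record (test data, not captured traffic)."""
    hello = (struct.pack("!H", version) + bytes(32) + bytes([len(session_id)])
             + session_id + struct.pack("!H", suite) + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

# Constructed samples: one server reply picking a NULL suite, one picking AES.
SAMPLE_NULL = build_server_hello(0x0002)
SAMPLE_AES = build_server_hello(0x002F, session_id=bytes(32))

if __name__ == "__main__":
    for name, rec in (("null", SAMPLE_NULL), ("aes", SAMPLE_AES)):
        print(name, hex(selected_suite(rec)), null_cipher_finding(rec))
```

Run against the first server-to-client handshake record of each connection in a capture, any non-None result identifies a session whose application data is not encrypted.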


Related Identifiers

CVE-2007-4616

Affected Products

Bea Weblogic Server