PT-2007-5773 · BEA · BEA WebLogic Server

Published: 2007-08-31 · Updated: 2018-10-26 · CVE-2007-4613

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server versions 6.1 Gold through SP7
BEA WebLogic Server versions 7.0 Gold through SP7
BEA WebLogic Server versions 8.1 Gold through SP5

Description

The SSL libraries in the affected software might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack. This attack involves injecting crafted data and measuring the elapsed time before an error response.

Recommendations

For BEA WebLogic Server versions 6.1 Gold through SP7, consider updating to a version that includes a fix for this issue.
For BEA WebLogic Server versions 7.0 Gold through SP7, consider updating to a version that includes a fix for this issue.
For BEA WebLogic Server versions 8.1 Gold through SP5, consider updating to a version that includes a fix for this issue.

Fix

Weakness Enumeration

Related Identifiers

CVE-2007-4613

Affected Products

BEA WebLogic Server