CVE-2007-4613
Last modified
CVE-2007-4613 is a vulnerability of currently unknown severity. SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.. EPSS estimates a 1.35% chance of exploitation in the next 30 days.
Description
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Bea | Weblogic Server | 6.0 | — |
| Bea | Weblogic Server | 6.1 | Sp1 |
| Bea | Weblogic Server | 7.0 | — |
| Bea | Weblogic Server | 8.1 | — |
References
- http://dev2dev.bea.com/pub/advisory/201Patch, Vendor Advisory
- http://osvdb.org/45838Broken Link
- http://www.securityfocus.com/bid/22082Patch, Third Party Advisory, VDB Entry
- http://dev2dev.bea.com/pub/advisory/201Patch, Vendor Advisory
- http://osvdb.org/45838Broken Link
- http://www.securityfocus.com/bid/22082Patch, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4613?
How severe is CVE-2007-4613?
How do I fix CVE-2007-4613?
Are you affected by CVE-2007-4613?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST