CVE-2007-4613

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.

Link	Resource
http://dev2dev.bea.com/pub/advisory/201	Patch Vendor Advisory
http://www.securityfocus.com/bid/22082	Patch Third Party Advisory
http://osvdb.org/45838	Broken Link

Configuration 1

cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp7:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp6:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:* cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:*

---

Published : 2007-08-31 12:17

Updated : 2018-10-26 02:01

---

NVD link : CVE-2007-4613

Mitre link : CVE-2007-4613

No products.

CWE-310