CVE Vulnerability

CVE-2008-0900

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://dev2dev.bea.com/pub/advisory/270 Patch
http://www.securitytracker.com/id?1019439
http://secunia.com/advisories/29041
http://www.vupen.com/english/advisories/2008/0612/references
Configurations

Configuration 1

cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*
Information

Published : 2008-02-22 09:44

Updated : 2011-03-08 03:05

NVD link : CVE-2008-0900

Mitre link : CVE-2008-0900

Products Affected
No products.
CWE
CWE-264