CVE Vulnerability

CVE-2008-0899

Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://dev2dev.bea.com/pub/advisory/269 Patch
http://www.securitytracker.com/id?1019448
http://secunia.com/advisories/29041
http://www.vupen.com/english/advisories/2008/0612/references
Configurations

Configuration 1

cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
Information

Published : 2008-02-22 09:44

Updated : 2011-03-08 03:05

NVD link : CVE-2008-0899

Mitre link : CVE-2008-0899

Products Affected
No products.
CWE
CWE-79