Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0870

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0870
Last Modified 07 Mar 2011 10:05:35
Published 20 Feb 2008 08:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0870

Summary

BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.

Vulnerable Systems

Application

  • Bea Systems Weblogic Portal 10.0

  • Bea Systems Weblogic Portal 9.2

  • Bea Weblogic Portal 9.2


References

BEA - BEA08-190.00

VUPEN - ADV-2008-0613

SECTRACK - 1019442

SECUNIA - 29041


Last Updated: 27 May 2016 10:46:58