Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0900

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-0900
Last Modified 07 Mar 2011 10:05:38
Published 22 Feb 2008 04:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-0900

Summary

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

Vulnerable Systems

Application

  • Bea Systems Weblogic Express 10.0

  • Bea Systems Weblogic Express 9.2

  • Bea Weblogic Server 10.0

  • Bea Weblogic Server 8.1

  • Bea Weblogic Server 9.2


References

BEA - BEA08-196.00

VUPEN - ADV-2008-0612

SECTRACK - 1019439

SECUNIA - 29041


Last Updated: 27 May 2016 10:46:58