Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5461

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-5461
Last Modified 22 Oct 2012 10:56:49
Published 13 Jan 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5461

Summary

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting.

Vulnerable Systems

Application

  • Oracle Bea Product Suite 10.0

  • Oracle Bea Product Suite 10.3

  • Oracle Bea Product Suite 7.0

  • Oracle Bea Product Suite 8.1

  • Oracle Bea Product Suite 9.0

  • Oracle Bea Product Suite 9.1

  • Oracle Bea Product Suite 9.2


References

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VUPEN - ADV-2009-0115

SECTRACK - 1021571

BID - 33177

SECUNIA - 33526

JVN - JVN#93431860

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html


Last Updated: 27 May 2016 11:01:06