Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2008-02-22 13:44
Updated : 2011-03-07 19:05
NVD link : CVE-2008-0900
Mitre link : CVE-2008-0900
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
bea
- weblogic_server
bea_systems
- weblogic_express