CVE-2008-0900

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*

Information

Published : 2008-02-22 13:44

Updated : 2011-03-07 19:05


NVD link : CVE-2008-0900

Mitre link : CVE-2008-0900


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

bea

  • weblogic_server

bea_systems

  • weblogic_express