CVE-2008-0895Improper Authentication in Weblogic Server

CWE-287Improper Authentication3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.4%
top 40.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedFeb 22
Latest updateMay 1

Description

BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDbea/weblogic_server7 versions+6

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-m959-8wfp-9m54: BEA WebLogic Server and WebLogic Express 62022-05-01
CVEList
CVE-2008-0895: BEA WebLogic Server and WebLogic Express 62008-02-22
CVE-2008-0895 — Improper Authentication | cvebase