CVE-2008-0900: Weblogic Server vulnerability

CWE-264 | 3 documents | 3 sources

Severity: 6.0 MEDIUM (NVD)
EPSS: 4.5% (top 10.82%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 22
Latest update: May 1

Description

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages (2 packages)

NVD: bea/weblogic_server 10.0, 8.1, 9.2 (+2)

Patches

Vulnerability Details (2)

GHSA: GHSA-fx8p-9q3f-f3m3: Session fixation vulnerability in BEA WebLogic Server and Express 8 (2022-05-01)
CVEList: CVE-2008-0900: Session fixation vulnerability in BEA WebLogic Server and Express 8 (2008-02-22)