Auth bypass in Bea Weblogic_server

CVE-2008-0895

BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

Vulnerability class: Broken Authentication

EPSS: 0.022 (79.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References