Vulnerability in Bea Weblogic_server
CVE-2008-0900
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
EPSS: 0.100 (95.0th percentile)
Affected products
- Bea Weblogic_server — versions 8.1, 9.2, 10.0
- Bea_systems Weblogic_express — versions 9.2, 10.0
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2008-0900?
  CVE-2008-0900 is a vulnerability in Bea Weblogic_server, classified under CWE-264. Published 2008-02-22.
- Is CVE-2008-0900 known to be exploited?
  9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.