Vulnerability Description
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
CVSS Score
6.0
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 8.1 |
| Bea Systems | Weblogic Express | 9.2 |
Related Weaknesses (CWE)
References
- http://dev2dev.bea.com/pub/advisory/270Patch
- http://secunia.com/advisories/29041
- http://www.securitytracker.com/id?1019439
- http://www.vupen.com/english/advisories/2008/0612/references
- http://dev2dev.bea.com/pub/advisory/270Patch
- http://secunia.com/advisories/29041
- http://www.securitytracker.com/id?1019439
- http://www.vupen.com/english/advisories/2008/0612/references
FAQ
What is CVE-2008-0900?
CVE-2008-0900 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
How severe is CVE-2008-0900?
CVE-2008-0900 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0900?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server, Bea Systems Weblogic Express.