Vulnerability Description
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea Systems | Weblogic Express | <= 10.0 |
| Bea Systems | Weblogic Server | <= 10.0 |
References
- http://dev2dev.bea.com/pub/advisory/275Patch
- http://secunia.com/advisories/29041
- http://www.securitytracker.com/id?1019450
- http://www.vupen.com/english/advisories/2008/0608/references
- http://dev2dev.bea.com/pub/advisory/275Patch
- http://secunia.com/advisories/29041
- http://www.securitytracker.com/id?1019450
- http://www.vupen.com/english/advisories/2008/0608/references
FAQ
What is CVE-2008-0903?
CVE-2008-0903 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service...
How severe is CVE-2008-0903?
CVE-2008-0903 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0903?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Systems Weblogic Express, Bea Systems Weblogic Server.