CVE Vulnerabilities

CVE-2008-0900

Published: Feb 22, 2008 | Modified: Mar 08, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

Affected Software

Name Vendor Start Version End Version
Weblogic_server Bea 9.2 9.2
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_express Bea_systems 10.0 10.0
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 10.0 10.0
Weblogic_server Bea 9.2 9.2
Weblogic_server Bea 8.1 8.1
Weblogic_server Bea 8.1 8.1
Weblogic_express Bea_systems 9.2 9.2

References