CVE-2008-0895

EUVD-2008-0902
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
beaweblogic_server
6.1
beaweblogic_server
6.1:sp1
beaweblogic_server
6.1:sp2
beaweblogic_server
6.1:sp3
beaweblogic_server
6.1:sp4
beaweblogic_server
6.1:sp5
beaweblogic_server
6.1:sp6
beaweblogic_server
6.1:sp7
beaweblogic_server
7.0
beaweblogic_server
7.0:sp1
beaweblogic_server
7.0:sp2
beaweblogic_server
7.0:sp3
beaweblogic_server
7.0:sp4
beaweblogic_server
7.0:sp5
beaweblogic_server
7.0:sp6
beaweblogic_server
7.0:sp7
beaweblogic_server
8.1
beaweblogic_server
8.1:sp1
beaweblogic_server
8.1:sp2
beaweblogic_server
8.1:sp3
beaweblogic_server
8.1:sp4
beaweblogic_server
8.1:sp5
beaweblogic_server
8.1:sp6
beaweblogic_server
9.0
beaweblogic_server
9.1
beaweblogic_server
9.2
beaweblogic_server
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev2dev.bea.com/pub/advisory/265
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019443
http://www.vupen.com/english/advisories/2008/0612/references
http://dev2dev.bea.com/pub/advisory/265
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019443
http://www.vupen.com/english/advisories/2008/0612/references