CVE-2008-0900

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
beaweblogic_server
8.1:sp4
beaweblogic_server
8.1:sp4
beaweblogic_server
8.1:sp5
beaweblogic_server
8.1:sp5
beaweblogic_server
8.1:sp6
beaweblogic_server
8.1:sp6
beaweblogic_server
9.2
beaweblogic_server
9.2:mp1
beaweblogic_server
10.0
bea_systemsweblogic_express
9.2:mp1
bea_systemsweblogic_express
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev2dev.bea.com/pub/advisory/270
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019439
http://www.vupen.com/english/advisories/2008/0612/references
http://dev2dev.bea.com/pub/advisory/270
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019439
http://www.vupen.com/english/advisories/2008/0612/references