Vulnerabilites related to bea_systems - weblogic_express
Vulnerability from fkie_nvd
Published
2008-02-22 21:44
Modified
2024-11-21 00:43
Severity ?
Summary
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea_systems | weblogic_express | * | |
| bea_systems | weblogic_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_express:*:mp2:*:*:*:*:*:*",
"matchCriteriaId": "82FCBBDB-7E42-47AF-9D65-EF664E9A6EB8",
"versionEndIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_server:*:mp2:*:*:*:*:*:*",
"matchCriteriaId": "B28CB76C-94CF-4A58-B11A-2108FB602B41",
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuy\u00f3 antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servidor web) a trav\u00e9s de un URL manipulado."
}
],
"id": "CVE-2008-0903",
"lastModified": "2024-11-21T00:43:11.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-22T21:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-22 21:44
Modified
2024-11-21 00:43
Severity ?
Summary
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 9.2 | |
| bea | weblogic_server | 9.2 | |
| bea | weblogic_server | 10.0 | |
| bea_systems | weblogic_express | 9.2 | |
| bea_systems | weblogic_express | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "0653ACAC-B0D9-4381-AB23-11D24852A414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
"matchCriteriaId": "107C2FC6-BC60-4817-8A21-14C81DA6DEF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*",
"matchCriteriaId": "24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "7A75A7F9-A99A-4C8E-9867-71FA8A55DD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*",
"matchCriteriaId": "715D1DD4-A736-4F55-9369-71C232AB14CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*",
"matchCriteriaId": "321BC193-5FBF-4F25-996D-1FE74779F34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*",
"matchCriteriaId": "FF045092-39D3-4598-99DA-D1B35F0DDC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61231482-5CC5-4C23-AA48-11E24FB6C94F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2008-0900",
"lastModified": "2024-11-21T00:43:10.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-22T21:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019439"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-0900
Vulnerability from cvelistv5
Published
2008-02-22 21:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1019439 | vdb-entry, x_refsource_SECTRACK | |
| http://dev2dev.bea.com/pub/advisory/270 | vendor-advisory, x_refsource_BEA | |
| http://secunia.com/advisories/29041 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0612/references | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019439",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019439",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019439"
},
{
"name": "BEA08-196.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0900",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0903
Vulnerability from cvelistv5
Published
2008-02-22 21:00
Modified
2024-08-07 08:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://dev2dev.bea.com/pub/advisory/275 | vendor-advisory, x_refsource_BEA | |
| http://secunia.com/advisories/29041 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1019450 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/0608/references | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-199.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0903",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}