CVE-2008-0900

Sažetak

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

Reference

http://dev2dev.bea.com/pub/advisory/270
http://secunia.com/advisories/29041
http://www.securitytracker.com/id?1019439
http://www.vupen.com/english/advisories/2008/0612/references

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2011 - 03:05

Objavljeno

22-02-2008 - 21:44