PT-2008-2509 · Bea · Bea Weblogic Server+1
Publicado
2008-02-22
·
Atualizado
2011-03-08
·
CVE-2008-0895
CVSS v2.0
6.4
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 6.1 through 10.0
Description
The issue allows remote attackers to bypass authentication for application servlets by using crafted request headers.
Recommendations
For versions 6.1 through 10.0, update to a version that includes a fix for this issue to prevent authentication bypass.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bea Weblogic Server
Weblogic Express