PT-2008-2514 · Bea · Bea Weblogic Server

Published: 2008-02-22 · Updated: 2011-03-08 · CVE-2008-0900

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

BEA WebLogic Server and Express versions 8.1 SP4 through SP6
BEA WebLogic Server and Express versions 9.2 through MP1
BEA WebLogic Server and Express version 10.0

Description

A session fixation issue allows remote authenticated users to hijack web sessions. The exact vectors used for the hijacking are not specified.

Recommendations

For versions 8.1 SP4 through SP6, update to a version outside of this range to resolve the issue. For versions 9.2 through MP1, update to a version beyond MP1 to address the problem. For version 10.0, update to a newer version to fix the issue. As a temporary workaround, consider implementing additional session validation to minimize the risk of session hijacking.

Fix


Weakness Enumeration

Related Identifiers

CVE-2008-0900

Affected Products

Bea Weblogic Server