PT-2008-2509 · Bea · Bea Weblogic Server+1
Published
2008-02-22
·
Updated
2011-03-08
·
CVE-2008-0895
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Server and WebLogic Express versions 6.1 through 10.0
Description
The issue allows remote attackers to bypass authentication for application servlets by using crafted request headers.
Recommendations
For versions 6.1 through 10.0, update to a version that includes a fix for this issue to prevent authentication bypass.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bea Weblogic Server
Weblogic Express