Oracle WebLogic WLS Unspecified Vulnerability (CVE-2008-5461)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle WebLogic Server has an unspecified vulnerability.

Description :

According to its self-reported banner, the version of Oracle WebLogic
Server running on the remote host has an unspecified vulnerability in
WebLogic Console that can be exploited remotely and may allow
information disclosure and elevation of privileges.

See also :

http://www.oracle.com/technetwork/topics/security/2811-100497.html

Solution :

Upgrade and/or apply the appropriate patch as described in Oracle's
advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 17743 ()

Bugtraq ID: 33177

CVE ID: CVE-2008-5461