Oracle WebLogic Portal Elevation of Privilege (CVE-2008-5462)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Oracle WebLogic Server has an unspecified privilege
elevation vulnerability.

Description :

According to its self-reported banner, the version of Oracle WebLogic
Server running on the remote host is affected by an unspecified
privilege elevation vulnerability in the portal component that could
be exploited remotely.

See also :

http://www.oracle.com/technetwork/topics/security/2808-085820.html

Solution :

Upgrade and / or apply the appropriate patch as described in Oracle's
advisory.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 17771 ()

Bugtraq ID: 33177

CVE ID: CVE-2008-5462