CVE-2008-0900

high

Description

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

References

http://www.vupen.com/english/advisories/2008/0612/references

http://www.securitytracker.com/id?1019439

http://secunia.com/advisories/29041

http://dev2dev.bea.com/pub/advisory/270

Details

Source: Mitre, NVD

Published: 2008-02-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.07961