Detections
Analytics
Oracle WebLogic Portal Elevation of Privilege (CVE-2008-5462)
medium Nessus Plugin ID 17771
Language:
Synopsis
The remote Oracle WebLogic Server has an unspecified privilege elevation vulnerability.Description
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified privilege elevation vulnerability in the portal component that could be exploited remotely.Solution
Upgrade and / or apply the appropriate patch as described in Oracle's advisory.See Also
https://www.oracle.com/technetwork/topics/security/2808-085820.html
Plugin Details
Severity: Medium
ID: 17771
File Name: weblogic_portal_elevation_privilege.nasl
Version: 1.14
Type: remote
Family: Web Servers
Published: 1/10/2012
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:bea:weblogic_server, cpe:/a:oracle:weblogic_server
Required KB Items: www/weblogic
Exploit Ease: No known exploits are available
Patch Publication Date: 1/14/2009
Vulnerability Publication Date: 1/14/2009
Exploitable With
Elliot (Oracle Secure Backup 10.2.0.2 RCE (Windows))
Reference Information
CVE: CVE-2008-5462
BID: 33177
CWE: 264