Oracle WebLogic WLS Unspecified Vulnerability (CVE-2008-5461)

Medium Nessus Plugin ID 17743


The remote Oracle WebLogic Server has an unspecified vulnerability.


According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host has an unspecified vulnerability in WebLogic Console that can be exploited remotely and may allow information disclosure and elevation of privileges.


Upgrade and/or apply the appropriate patch as described in Oracle's advisory.

See Also

Plugin Details

Severity: Medium

ID: 17743

File Name: weblogic_cr384662.nasl

Version: $Revision: 1.12 $

Type: remote

Family: Web Servers

Published: 2011/11/30

Modified: 2016/11/29

Dependencies: 56979

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:bea:weblogic_server, cpe:/a:oracle:weblogic_server

Required KB Items: www/weblogic

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/01/14

Vulnerability Publication Date: 2009/01/14

Exploitable With

Elliot (Oracle Secure Backup RCE (Windows))

Reference Information

CVE: CVE-2008-5461

BID: 33177

OSVDB: 51314

CWE: 200, 264