Oracle WebLogic Server Web Services Security Policy not Enforced (CVE-2008-5459)

medium Nessus Plugin ID 57040

Synopsis

The remote Oracle WebLogic Server has an unspecified vulnerability.

Description

According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified vulnerability that could allow a remote, unauthenticated attacker to disable enforcement of security policies for the web services. Such an attack could have a partial impact on confidentiality.

Solution

Upgrade and/or apply the appropriate patch as described in Oracle's advisory.

See Also

https://www.oracle.com/technetwork/topics/security/2807-100085.html

Plugin Details

Severity: Medium

ID: 57040

File Name: weblogic_cr380519.nasl

Version: 1.15

Type: remote

Family: Web Servers

Published: 12/7/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:weblogic_server, cpe:/a:bea:weblogic_server

Required KB Items: www/weblogic

Exploit Ease: No known exploits are available

Patch Publication Date: 1/14/2009

Vulnerability Publication Date: 1/14/2009

Exploitable With

Elliot (Oracle Secure Backup 10.2.0.2 RCE (Windows))

Reference Information

CVE: CVE-2008-5459

BID: 33177

CWE: 264