VYPR
Unrated severityNVD Advisory· Published Feb 21, 2008· Updated Jun 16, 2026

CVE-2008-0870

CVE-2008-0870

Description

BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.

Affected products

5
  • cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp1:*:*:*:*:*:*
    • cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp2:*:*:*:*:*:*
    • (no CPE)range: 10.0 and 9.2 through Maintenance Pack 2
  • cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.