Unrated severityNVD Advisory· Published Feb 22, 2008· Updated Apr 23, 2026
CVE-2008-0900
CVE-2008-0900
Description
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Affected products
11cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.