Unrated severity · NVD Advisory · Published Feb 22, 2008 · Updated Jun 16, 2026
CVE-2008-0900
Description
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Affected products (12)
- cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*
- (no CPE) range: 8.1 SP4 through SP6, 9.2 through MP1, and 10.0
- cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*