ID CVE-2008-4009
Summary Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:bea_product_suite:9.1
    cpe:2.3:a:oracle:bea_product_suite:9.1
CVSS
Base: 5.1 (as of 15-10-2008 - 14:22)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Web Servers
NASL id WEBLOGIC_CR334468.NASL
description According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified privilege escalation vulnerability that can occur for some resources when the server is configured with more than one authorizer, such as a XACMLAuthorizer and a DefaultAuthorizer.
last seen 2019-02-21
modified 2018-11-15
plugin id 17737
published 2011-11-30
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=17737
title Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009)
refmap via4
confirm
sectrack 1021056
secunia 32304
vupen ADV-2008-2825
xf oracle-weblogic-authorizer-unauth-access(45908)
Last major update 22-10-2012 - 22:53
Published 14-10-2008 - 17:11
Last modified 07-08-2017 - 21:32
Back to Top