ID CVE-2008-4011
Summary Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:bea_product_suite:9.2:mp3
    cpe:2.3:a:oracle:bea_product_suite:9.2:mp3
  • cpe:2.3:a:oracle:bea_product_suite:9.1
    cpe:2.3:a:oracle:bea_product_suite:9.1
  • cpe:2.3:a:oracle:bea_product_suite:9.0
    cpe:2.3:a:oracle:bea_product_suite:9.0
  • cpe:2.3:a:oracle:bea_product_suite:10.0:mp1
    cpe:2.3:a:oracle:bea_product_suite:10.0:mp1
CVSS
Base: 2.1 (as of 15-10-2008 - 14:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
NASL family Web Servers
NASL id WEBLOGIC_CR367966.NASL
description According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified privilege escalation vulnerability such that some applications in admin state are made available to non-admin users.
last seen 2019-02-21
modified 2018-11-15
plugin id 17739
published 2011-11-30
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=17739
title Oracle WebLogic Admin State Unspecified Privilege Escalation (CVE-2008-4011)
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
sectrack 1021056
vupen ADV-2008-2825
xf oracle-weblogic-apps-priv-escalation(45910)
Last major update 22-10-2012 - 22:53
Published 14-10-2008 - 17:11
Last modified 07-08-2017 - 21:32
Back to Top