Lucene search

[email protected]CVE-2008-0903

HistoryFeb 22, 2008 - 9:44 p.m.

CVE-2008-0903

2008-02-2221:44:00

[email protected]

web.nvd.nist.gov

cve-2008-0903

bea weblogic server

express proxy plugin

denial of service

nvd

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.

Affected configurations

NVD

Node

bea_systemsweblogic_expressRange≤10.0mp2

bea_systemsweblogic_serverRange≤10.0mp2

CPENameOperatorVersion
bea_systems:weblogic_expressbea systems weblogic expressle10.0
bea_systems:weblogic_serverbea systems weblogic serverle10.0

CPE	Name	Operator	Version
bea_systems:weblogic_express	bea systems weblogic express	le	10.0
bea_systems:weblogic_server	bea systems weblogic server	le	10.0

References

dev2dev.bea.com/pub/advisory/275

secunia.com/advisories/29041

www.securitytracker.com/id?1019450

www.vupen.com/english/advisories/2008/0608/references

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.6%

JSON

Related for CVE-2008-0903

nvd1 cvelist1 prion1