NASLDB: Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009)
General
ID: 17737
Name: Oracle WebLogic Multiple Authorizer Unspecified Privilege Escalation (CVE-2008-4009)
Summary: Checks the version of Oracle WebLogic
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 80
Family: Web Servers
Type: Remote
Description
According to its self-reported banner, the version of Oracle WebLogic
Server running on the remote host is affected by an unspecified
privilege escalation vulnerability that can occur for some resources
when the server is configured with more than one authorizer, such as an
XACMLAuthorizer and a DefaultAuthorizer.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2008-4009
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2008/10/14
Patch Release: 2008/10/14
Plugin Release: 2011/11/30
Plugin
Version: 1.3
Filename: weblogic_cr334468.nasl
Filesize: 3308 bytes
MD5 Hash: 7697ab6e21b0efd7dbe67b1fcc9d2fe3
Identification: "www/weblogic/" + port + "/service_pack"
Require Keys: www/weblogic
Dependencies: "weblogic_detect.nasl"
Copyright: This script is Copyright© 2011-2012 Tenable Network Security, Inc.













