CVE-2008-0863: Infoleak
First published: Thu Feb 21 2008(Updated: )
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =9.1 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-0863?
CVE-2008-0863 is classified as a high severity vulnerability due to the exposure of sensitive information.
How do I fix CVE-2008-0863?
To fix CVE-2008-0863, upgrade the affected BEA WebLogic Server or WebLogic Express to a version that is not vulnerable.
What are the affected versions in CVE-2008-0863?
CVE-2008-0863 affects BEA WebLogic Server 9.0 and 9.1, as well as their Express variants.
What types of attacks can CVE-2008-0863 allow?
CVE-2008-0863 can potentially allow remote attackers to gain sensitive information and conduct further attacks.
Which software does CVE-2008-0863 impact?
CVE-2008-0863 impacts Oracle WebLogic Server and WebLogic Express versions 9.0 and 9.1.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/9.0
- version/oracle weblogic server/9.1