Описание
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp1:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_portal:9.2:mp2:*:*:*:*:*:*
cpe:2.3:a:bea_systems:weblogic_portal:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00294
Низкий
7.5 High
CVSS2
Дефекты
CWE-59
Связанные уязвимости
github
почти 4 года назад
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
EPSS
Процентиль: 52%
0.00294
Низкий
7.5 High
CVSS2
Дефекты
CWE-59