Vulnerability Details : CVE-2008-5457
Public exploit exists!
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Exploit prediction scoring system (EPSS) score for CVE-2008-5457
Probability of exploitation activity in the next 30 days: 96.82%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2008-5457
-
BEA WebLogic JSESSIONID Cookie Value Overflow
Disclosure Date: 2009-01-13First seen: 2020-04-26exploit/windows/http/bea_weblogic_jsessionidThis module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable code is only accessible when clustering is configured. A request containing a long JSESSION cookie value can lead to arbitrary code execution. Authors: - pusscat <pusscat@metasploit.co
CVSS scores for CVE-2008-5457
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2008-5457
Products affected by CVE-2008-5457
- cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*