{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:02:39.550","vulnerabilities":[{"cve":{"id":"CVE-2008-0900","sourceIdentifier":"cve@mitre.org","published":"2008-02-22T21:44:00.000","lastModified":"2025-04-09T00:30:58.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."},{"lang":"es","value":"Vulnerabilidad de fijación de sesión en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a través de vectores desconocidos."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*","matchCriteriaId":"0653ACAC-B0D9-4381-AB23-11D24852A414"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*","matchCriteriaId":"107C2FC6-BC60-4817-8A21-14C81DA6DEF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp5:*:*:*:*:*:*","matchCriteriaId":"2A489A8E-D3AE-42DF-8DCF-5A9EF10778FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp5:express:*:*:*:*:*","matchCriteriaId":"24E0BA12-971C-4DC4-8ED2-9B7DCD6390E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*","matchCriteriaId":"7A75A7F9-A99A-4C8E-9867-71FA8A55DD70"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp6:express:*:*:*:*:*","matchCriteriaId":"715D1DD4-A736-4F55-9369-71C232AB14CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*","matchCriteriaId":"7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*","matchCriteriaId":"321BC193-5FBF-4F25-996D-1FE74779F34D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*","matchCriteriaId":"60F9ABCC-5217-4650-8C71-F8B0EB86789F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea_systems:weblogic_express:9.2:mp1:*:*:*:*:*:*","matchCriteriaId":"FF045092-39D3-4598-99DA-D1B35F0DDC3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea_systems:weblogic_express:10.0:*:*:*:*:*:*:*","matchCriteriaId":"61231482-5CC5-4C23-AA48-11E24FB6C94F"}]}]}],"references":[{"url":"http://dev2dev.bea.com/pub/advisory/270","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://secunia.com/advisories/29041","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id?1019439","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2008/0612/references","source":"cve@mitre.org"},{"url":"http://dev2dev.bea.com/pub/advisory/270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://secunia.com/advisories/29041","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1019439","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/0612/references","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}