Detections
Analytics
Oracle WebLogic JSP Pages and Servlets Unspecified Information Disclosure (CVE-2008-5460)
low Nessus Plugin ID 17742
Language:
Synopsis
The remote Oracle WebLogic Server has an unspecified information disclosure vulnerability.Description
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified, remote information disclosure vulnerability in JSP pages and servlets.Solution
Upgrade and/or apply the appropriate patch as described in Oracle's advisory.See Also
https://www.oracle.com/technetwork/topics/security/2810-090551.html
Plugin Details
Severity: Low
ID: 17742
File Name: weblogic_cr382420.nasl
Version: 1.14
Type: remote
Family: Web Servers
Published: 11/30/2011
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.7
CVSS v2
Risk Factor: Low
Base Score: 2.6
Temporal Score: 1.9
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:bea:weblogic_server, cpe:/a:oracle:weblogic_server
Required KB Items: www/weblogic
Exploit Ease: No known exploits are available
Patch Publication Date: 1/14/2009
Vulnerability Publication Date: 1/14/2009
Exploitable With
Elliot (Oracle Secure Backup 10.2.0.2 RCE (Windows))
Reference Information
CVE: CVE-2008-5460
BID: 33177
CWE: 200