Detections
Analytics
Oracle WebLogic Server Servlet Container Session Fixation
medium Nessus Plugin ID 52756
Language:
Synopsis
A web server running on the remote host has a session fixation vulnerability.Description
The version of Oracle WebLogic Server running on the remote host has a session fixation vulnerability.A remote attacker could exploit this by tricking a user into making a specially crafted POST request. This would allow the attacker to hijack the user's session.
Solution
Apply the relevant patch referenced by the Oracle advisory.See Also
http://www.nessus.org/u?e08549d8
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Plugin Details
Severity: Medium
ID: 52756
File Name: weblogic_session_fixation.nasl
Version: 1.10
Type: remote
Family: Web Servers
Published: 3/22/2011
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.5
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/a:oracle:weblogic_server
Required KB Items: www/weblogic
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/18/2011
Vulnerability Publication Date: 1/18/2011
Reference Information
CVE: CVE-2010-4437
BID: 45852