CVE-2008-0898

Published Feb 22, 2008

Last updated 14 years ago

Overview

Description: The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CA97F1A-49F7-4511-8959-D62155491DF5"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:ga:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F632B9-0572-4563-BA41-262628A5CB7A"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E758AF8B-B47F-4CE7-B73E-3638180C9D79"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AC47FAA-AB16-4728-AE0B-C0C90861D809"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10E284B8-4EBE-459D-87BA-401BC2AE29C5"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F588A56-E4CB-44A4-A4D3-BFA89D1C6BD6"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.0:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05E4CCAC-8E99-49DE-8E90-18F5C03BBC94"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCAAE8F1-CB25-4871-BE48-ABF7DFAD8AD6"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.1:ga:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A585B339-442B-4408-9A44-E872FF4406A8"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA8C449-ECD0-46E5-A7D6-740DE8DEE0EC"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "321BC193-5FBF-4F25-996D-1FE74779F34D"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E23EB6FE-EA07-426F-9781-87630BC76FB3"
          },
          {
            "criteria": "cpe:2.3:a:bea:weblogic_server:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60F9ABCC-5217-4650-8C71-F8B0EB86789F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References