CVE-2008-0863

BEA WebLogic Server/Express 9.0/9.1 - Unauthenticated Sensitive Information Exposure via WSDL

Title source: llm

Description

BEA WebLogic Server and WebLogic Express 9.0 and 9.1 expose the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019455
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0612/references
Patch vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/260

Scores

EPSS 0.0028
EPSS Percentile 51.9%

Details

CWE CWE-200
Status published
Products (2)
bea/weblogic_server 9.0 (2 CPE variants)
bea/weblogic_server 9.1 (2 CPE variants)
Published Feb 21, 2008
Tracked Since Feb 18, 2026