CVE-2010-4437
Oracle WebLogic Server Servlet Container - Confidentiality and Integrity Impact
Title source: manual
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4437. PoCs published by Roberto Suggi Liverani.
AI-analyzed exploit summary
This is a writeup describing a session fixation vulnerability in Oracle WebLogic Server via HTTP POST requests. It explains how an attacker can force a user's browser to adopt a predefined session ID (AFSESSIONID) by embedding it in the POST body, bypassing protections against GET-based fixation.
Description
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.
Exploits (1)
This is a writeup describing a session fixation vulnerability in Oracle WebLogic Server via HTTP POST requests. It explains how an attacker can force a user's browser to adopt a predefined session ID (AFSESSIONID) by embedding it in the POST body, bypassing protections against GET-based fixation.