Intrusion Prevention

Oracle.WebLogic.Server.Session.Fixation

Description

This indicates an attack attempt against a session fixation vulnerability in Oracle WebLogic Server.
The vulnerability is caused by an error in how the vulnerable software handles a user session. It allows a remote attacker to gain access to pages that the victim user is authorized to view.

Affected Products

Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3

Impact

Security Bypass

Recommended Actions

Apply the update from the vendor.

CVE References

CVE-2010-4437