
BEA WebLogic Server vulnerabilities

146 known vulnerabilities affecting bea/weblogic_server.

Total CVEs: 146
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0

Severity breakdown: CRITICAL 7, HIGH 31, MEDIUM 92, LOW 16

Vulnerabilities

Page 4 of 8
CVE-2005-4704 | P4 | MEDIUM | CVSS 5.0 | v6.1, v7.0, +1 more | 2005-12-31
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
Source: nvd

CVE-2005-4751 | P4 | MEDIUM | CVSS 6.8 | v6.1, v7.0, +2 more | 2005-12-31
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
Source: nvd

CVE-2005-4762 | P4 | HIGH | CVSS 7.2 | v6.1, v7.0, +1 more | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
Source: nvd

CVE-2007-0421 | P4 | MEDIUM | CVSS 6.4 | v6.1, v7.0 | 2007-01-23
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
Source: nvd

CVE-2006-2461 | P4 | MEDIUM | CVSS 5.0 | v8.1 | 2006-05-19
BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
Source: nvd

CVE-2002-2142 | P4 | HIGH | CVSS 7.5 | v6.0, v6.1, +2 more | 2002-12-31
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the e
Source: nvd

CVE-2007-0415 | P4 | MEDIUM | CVSS 5.0 | ≤ 8.1, v8.1 | 2007-01-23
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
Source: nvd

CVE-2003-1094 | P4 | HIGH | CVSS 7.2 | v7.0 | 2003-12-31
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
Source: nvd

CVE-2006-0419 | P4 | MEDIUM | CVSS 6.4 | v7.0, v8.1, +1 more | 2006-01-25
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
Source: nvd

CVE-2005-4758 | P4 | MEDIUM | CVSS 4.0 | v8.1 | 2005-12-31
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.
Source: nvd

CVE-2003-1290 | P4 | MEDIUM | CVSS 5.0 | v6.0, v6.1, +3 more | 2003-12-31
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
Source: nvd

CVE-2005-4766 | P4 | MEDIUM | CVSS 5.4 | v7.0, v8.1 | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Source: nvd

CVE-2005-4705 | P4 | MEDIUM | CVSS 5.0 | v6.1, v7.0, +1 more | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
Source: nvd

CVE-2007-0420 | P4 | MEDIUM | CVSS 5.0 | v9.0, v9.1, +1 more | 2007-01-23
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
Source: nvd

CVE-2003-0733 | P4 | MEDIUM | CVSS 6.8 | v5.1, v7.0 | 2003-10-20
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console
Source: nvd

CVE-2005-1749 | P4 | MEDIUM | CVSS 5.0 | v6.0, v6.1, +3 more | 2005-05-24
Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).
Source: nvd

CVE-2007-0410 | P4 | MEDIUM | CVSS 5.0 | v7.0, v8.1, +2 more | 2007-01-23
Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."
Source: nvd

CVE-2005-0432 | P4 | MEDIUM | CVSS 5.0 | v7.0, v8.1 | 2005-05-02
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
Source: nvd

CVE-2007-2698 | P4 | MEDIUM | CVSS 5.0 | v9.0 | 2007-05-16
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.
Source: nvd

CVE-2005-4753 | P4 | MEDIUM | CVSS 5.0 | v7.0, v8.1 | 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.
Source: nvd