Bea Weblogic Server vulnerabilities

146 known vulnerabilities affecting bea/weblogic_server.

Total CVEs: 146
CISA KEV: 0
Public exploits: 12
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 31, MEDIUM 92, LOW 16

Vulnerabilities

Page 5 of 8
CVE-2006-2462 | P4 | MEDIUM | CVSS 5.0 | Affected: v7.0, v8.1 | Date: 2006-05-19
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
Source: nvd

CVE-2006-0420 | P4 | MEDIUM | CVSS 5.0 | Affected: v7.0, v8.1 | Date: 2006-01-25
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors."
Source: nvd

CVE-2004-0652 | P4 | HIGH | CVSS 7.2 | Affected: v7.0, v7.0.0.1, +1 more | Date: 2004-08-06
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
Source: nvd

CVE-2007-5576 | P4 | MEDIUM | CVSS 6.8 | CWE-200 | Affected: v5.1, v6.1, +6 more | Date: 2007-10-18
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Source: nvd

CVE-2004-2320 | P4 | MEDIUM | CVSS 5.3 | CWE-200 | Affected: v5.1, v6.1, +2 more | Date: 2004-12-31
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Source: nvd

CVE-2005-1742 | P4 | MEDIUM | CVSS 5.0 | Affected: v6.0, v6.1, +3 more | Date: 2005-05-24
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
Source: nvd

CVE-2005-4754 | P4 | MEDIUM | CVSS 5.0 | Affected: v8.1 | Date: 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
Source: nvd

CVE-2005-4760 | P4 | MEDIUM | CVSS 5.1 | Affected: v7.0, v8.1 | Date: 2005-12-31
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."
Source: nvd

CVE-2007-0422 | P4 | MEDIUM | CVSS 5.0 | Affected: v9.0, v9.1, +1 more | Date: 2007-01-23
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
Source: nvd

CVE-2006-2471 | P4 | MEDIUM | CVSS 5.0 | Affected: v6.1, v7.0, +1 more | Date: 2006-05-19
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace
Source: nvd

CVE-2004-1756 | P4 | MEDIUM | CVSS 5.0 | Affected: v7.0, v8.1 | Date: 2004-04-13
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
Source: nvd

CVE-2008-0863 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | Affected: v9.0, v9.1 | Date: 2008-02-21
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
Source: nvd

CVE-2007-2704 | P4 | MEDIUM | CVSS 5.4 | Affected: v9.0, v9.1, +1 more | Date: 2007-05-16
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
Source: nvd

CVE-2005-1746 | P4 | MEDIUM | CVSS 5.0 | Affected: v6.0, v6.1, +3 more | Date: 2005-05-24
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
Source: nvd

CVE-2005-1748 | P4 | MEDIUM | CVSS 5.0 | Affected: v6.0, v6.1, +3 more | Date: 2005-05-24
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
Source: nvd

CVE-2004-2696 | P4 | MEDIUM | CVSS 5.5 | CWE-255 | Affected: v6.1, v7.0, +2 more | Date: 2004-12-31
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
Source: nvd

CVE-2006-1352 | P4 | MEDIUM | CVSS 5.0 | Affected: v6.1, v7.0, +1 more | Date: 2006-03-22
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
Source: nvd

CVE-2006-0430 | P4 | MEDIUM | CVSS 5.0 | Affected: v7.0, v8.1, +1 more | Date: 2006-01-25
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
Source: nvd

CVE-2004-2424 | P4 | MEDIUM | CVSS 5.0 | Affected: v8.1 | Date: 2004-12-31
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
Source: nvd

CVE-2007-0414 | P4 | MEDIUM | CVSS 5.0 | Affected: ≤ 6.1, ≤ 7.0, +5 more | Date: 2007-01-23
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
Source: nvd