Bea Weblogic Server vulnerabilities

CVE-2000-0681 [CRITICAL] CVE-2000-0681: Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary com Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

CVE-2000-0685 [CRITICAL] CVE-2000-0685: BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow re BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

CVE-2000-0682 [MEDIUM] CVE-2000-0682: BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /Consol BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.

CVE-2000-0683 [MEDIUM] CVE-2000-0683: BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtm BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.

CVE-2000-0500 [MEDIUM] CVE-2000-0500: The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of prog The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

CVE-2000-0499 [HIGH] CWE-178 CVE-2000-0499: The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view sourc The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.