Bea Systems Weblogic Server vulnerabilities

5 known vulnerabilities affecting bea_systems/weblogic_server.

Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2010-2375MEDIUMCVSS 6.4PoCv10.02010-07-13
CVE-2010-2375 [MEDIUM] CVE-2010-2375: Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebL Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
nvd
CVE-2008-3257CRITICALCVSS 10.0PoCv10.0_mp12008-07-22
CVE-2008-3257 [CRITICAL] CWE-119 CVE-2008-3257: Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
nvd
CVE-2008-0901HIGHCVSS 7.1v10.0_mp12008-02-22
CVE-2008-0901 [HIGH] CWE-200 CVE-2008-0901: BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force pass BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
nvd
CVE-2008-0903MEDIUMCVSS 4.3≤ 10.02008-02-22
CVE-2008-0903 [MEDIUM] CVE-2008-0903: Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
nvd
CVE-2008-0902MEDIUMCVSS 4.3v10.0_mp12008-02-22
CVE-2008-0902 [MEDIUM] CVE-2008-0902: Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 1 Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
nvd