Filtered by vendor Bea
Subscribe
Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0471 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). | |||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | |||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | |||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2023-12-10 | 2.1 LOW | N/A |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | |||||
| CVE-2002-1030 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 2.6 LOW | N/A |
| Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | |||||
| CVE-2003-0151 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | |||||
| CVE-2003-1095 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | |||||
| CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | |||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 7.2 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | |||||
| CVE-2003-1220 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | |||||
| CVE-2000-1238 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 7.5 HIGH | N/A |
| BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | |||||
| CVE-2003-1222 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | |||||
| CVE-2003-1093 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | |||||
| CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
| CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 2.6 LOW | N/A |
| BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
| CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. | |||||
| CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | |||||
| CVE-2000-0684 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 10.0 HIGH | N/A |
| BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. | |||||
| CVE-2000-0681 | 1 Bea | 1 Weblogic Server | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. | |||||