Filtered by vendor Bea
Subscriptions
Filtered by product Weblogic Server
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2462 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | ||||
| CVE-2006-2464 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. | ||||
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | ||||
| CVE-2006-2467 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. | ||||
| CVE-2005-4749 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. | ||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2025-04-03 | N/A |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | ||||
| CVE-2000-0500 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | ||||
| CVE-2000-0681 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. | ||||
| CVE-2000-0683 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. | ||||
| CVE-2000-0684 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. | ||||
| CVE-2000-0685 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. | ||||
| CVE-2003-1290 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | ||||
| CVE-2003-0621 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | N/A |
| The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | ||||
| CVE-2003-0623 | 1 Bea | 2 Tuxedo, Weblogic Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | ||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | ||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | ||||
| CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | ||||
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | ||||
| CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | ||||
| CVE-2003-0624 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | ||||