86 matches found
CVE-2017-15702
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider tha...
CVE-2006-0423
BEA WebLogic Portal 8.1 through SP3 stores the RDBMS Authentication provider password in cleartext in config.xml, allowing privilege escalation. Affected component: WebLogic Portal configuration for RDBMS auth. Root cause: cleartext password storage in config.xml. Impact: partial confidentiality ...
[SA18593] BEA WebLogic Portal Information Disclosure and Security Bypass
TITLE: BEA WebLogic Portal Information Disclosure and Security Bypass SECUNIA ADVISORY ID: SA18593 VERIFY ADVISORY: http://secunia.com/advisories/18593/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information WHERE: From remote...
CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group membe...
CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group membe...
BEA WebLogic Server fails to properly associate re-created groups
Overview WebLogic Server contains a vulnerability that could result in the creation of new groups inheriting the privileges of a previously deleted group if members of the deleted group still exist. Description BEA Systems describes WebLogic Server as "an industrial-strength application...