4089 matches found
CVE-2000-0499
BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...
CVE-2000-0684
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file...
CVE-2000-0682
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet...
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...
CVE-2000-0685
BEA WebLogic 5.1.x is vulnerable because PageCompileServlet does not properly restrict access, allowing remote attackers to compile and execute Java JHTML code by invoking the servlet on any source file. The issue stems from inadequate access controls for the servlet, enabling arbitrary code exec...
CVE-2000-0684
BEA WebLogic 5.1.x is affected by an access restriction flaw in the JSPServlet. The vulnerability allows remote attackers to compile and execute Java JSP code by directly invoking the JSPServlet on any source file, enabling complete confidentiality and integrity compromise as described by the CVS...
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...
CVE-2000-0685
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file...
CVE-2000-0681
CVE-2000-0681 describes a buffer overflow in the BEA WebLogic Server proxy plug-in that handles third‑party web server requests to forward JSP URLs. The flaw, triggered by long URL paths (notably with a .JSP extension), can overflow a buffer in wl_proxy and allow remote code execution as the user...
CVE-2000-0681
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension...
CVE-2000-0683
BEA WebLogic 5.1.x is affected by an information-disclosure vulnerability where remote attackers can read the source code of parsed JSP pages by injecting /*.shtml/ into the URL, which invokes the SSIServlet. The underlying cause is JSP/SSIServlet invocation that allows viewing source code, leadi...
CVE-2000-0682
BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...
CVE-2000-0500
The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...
Переполнения буфера в BEA Weblogic
Переполнения буфера во встраиваемых PROXY-компанентах...
BEA Weblogic server proxy library vulnerabilities
CORE SDI http://www.core-sdi.com Vulnerability Report For BEA Weblogic's Proxy Date Published: August 15, 2000 Advisory ID: CORE-081300 Bugtraq ID: 1570 CVE CAN: None currently assigned. Title: BEA Weblogic Multiple Buffer Overflow Vulnerabilities Class: Boundary Error Condition Buffer Overflow...
FS-073100-10-BEA.txt
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic .jsp/.jhtml remote command execution ---------------------------------------------------------------------- FS Advisory ID: FS-073100-10-BEA Release Date: July 31, 2000 Product: WebLogic Vendo...
BEA's WebLogic *.jsp/*.jhtml remote command execution
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic .jsp/.jhtml remote command execution ---------------------------------------------------------------------- FS Advisory ID: FS-073100-10-BEA Release Date: July 31, 2000 Product: WebLogic Vendo...
BEA's WebLogic force handlers show code vulnerability
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...
Weblogic 3.1.84.0.44.5.1 - Remote Command Execution
Weblogic 3.1.84.0.44.5.1 - Remote Command Execution source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint...