Lucene search
K

4089 matches found

CVE
CVE
added 2000/10/13 4:0 a.m.48 views

CVE-2000-0499

BEA WebLogic 3.1.8–4.5.1 is affected. The default configuration allows a remote attacker to view the source code of a JSP program by requesting a URL that exposes the JSP extension in upper case. Root cause: default config enables exposing JSP source. Impact: confidentiality of JSP source could b...

7.5CVSS7.1AI score0.02512EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.23 views

CVE-2000-0683

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /.shtml/ into the URL, which invokes the SSIServlet...

6.8AI score0.01618EPSS
Exploits0References4
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.19 views

CVE-2000-0684

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file...

7.1AI score0.1226EPSS
Exploits1References3
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.23 views

CVE-2000-0682

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet...

6.7AI score0.01661EPSS
Exploits0References4
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.21 views

CVE-2000-0500

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing...

6.7AI score0.04615EPSS
Exploits1References4
CVE
CVE
added 2000/10/13 4:0 a.m.42 views

CVE-2000-0685

BEA WebLogic 5.1.x is vulnerable because PageCompileServlet does not properly restrict access, allowing remote attackers to compile and execute Java JHTML code by invoking the servlet on any source file. The issue stems from inadequate access controls for the servlet, enabling arbitrary code exec...

10CVSS7.5AI score0.1226EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2000/10/13 4:0 a.m.47 views

CVE-2000-0684

BEA WebLogic 5.1.x is affected by an access restriction flaw in the JSPServlet. The vulnerability allows remote attackers to compile and execute Java JSP code by directly invoking the JSPServlet on any source file, enabling complete confidentiality and integrity compromise as described by the CVS...

10CVSS7.5AI score0.1226EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.29 views

CVE-2000-0499

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case...

7.5AI score0.02512EPSS
Exploits1References4
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.21 views

CVE-2000-0685

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file...

7.1AI score0.1226EPSS
Exploits1References3
CVE
CVE
added 2000/10/13 4:0 a.m.56 views

CVE-2000-0681

CVE-2000-0681 describes a buffer overflow in the BEA WebLogic Server proxy plug-in that handles third‑party web server requests to forward JSP URLs. The flaw, triggered by long URL paths (notably with a .JSP extension), can overflow a buffer in wl_proxy and allow remote code execution as the user...

10CVSS7.8AI score0.50858EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.22 views

CVE-2000-0681

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension...

7.8AI score0.50858EPSS
Exploits0References2
CVE
CVE
added 2000/10/13 4:0 a.m.71 views

CVE-2000-0683

BEA WebLogic 5.1.x is affected by an information-disclosure vulnerability where remote attackers can read the source code of parsed JSP pages by injecting /*.shtml/ into the URL, which invokes the SSIServlet. The underlying cause is JSP/SSIServlet invocation that allows viewing source code, leadi...

5CVSS6.8AI score0.01618EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2000/10/13 4:0 a.m.62 views

CVE-2000-0682

BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...

5CVSS6.8AI score0.01661EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2000/10/13 4:0 a.m.51 views

CVE-2000-0500

The CVE-2000-0500 entry affects BEA WebLogic 5.1.0; the default configuration allows a remote attacker to view source code by requesting a URL beginning with /file/, causing the default servlet to display the file without processing. The available sources consistently describe this behavior; no e...

5CVSS7.1AI score0.04615EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2000/08/17 12:0 a.m.28 views

Переполнения буфера в BEA Weblogic

Переполнения буфера во встраиваемых PROXY-компанентах...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/08/17 12:0 a.m.38 views

BEA Weblogic server proxy library vulnerabilities

CORE SDI http://www.core-sdi.com Vulnerability Report For BEA Weblogic's Proxy Date Published: August 15, 2000 Advisory ID: CORE-081300 Bugtraq ID: 1570 CVE CAN: None currently assigned. Title: BEA Weblogic Multiple Buffer Overflow Vulnerabilities Class: Boundary Error Condition Buffer Overflow...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2000/08/02 12:0 a.m.35 views

FS-073100-10-BEA.txt

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic .jsp/.jhtml remote command execution ---------------------------------------------------------------------- FS Advisory ID: FS-073100-10-BEA Release Date: July 31, 2000 Product: WebLogic Vendo...

Exploits0
securityvulns
securityvulns
added 2000/08/02 12:0 a.m.33 views

BEA's WebLogic *.jsp/*.jhtml remote command execution

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic .jsp/.jhtml remote command execution ---------------------------------------------------------------------- FS Advisory ID: FS-073100-10-BEA Release Date: July 31, 2000 Product: WebLogic Vendo...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2000/08/01 12:0 a.m.25 views

BEA's WebLogic force handlers show code vulnerability

Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic force handlers show code vulnerability ---------------------------------------------------------------------- FS Advisory ID: FS-072800-9-BEA Release Date: July 28, 2000 Product: WebLogic...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2000/08/01 12:0 a.m.12 views

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution

Weblogic 3.1.84.0.44.5.1 - Remote Command Execution source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint...

0.2AI score
Exploits0
Rows per page
Query Builder