Lucene search
+L

2905 matches found

Positive Technologies
Positive Technologies
added 2005/05/24 12:0 a.m.8 views

PT-2005-2716 · Bea · Weblogic Express +1

Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and WebLogic Express versions 7.0 through Service Pack 5 Description: The issue allows users to continue accessing an application without having to log in again after the application is redeployed. This may violate newly...

9.8CVSS6.5AI score0.02142EPSS
Exploits0References7
NVD
NVD
added 2005/05/02 4:0 a.m.17 views

CVE-2005-0432

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...

5CVSS6.9AI score0.01987EPSS
Exploits0References2
CVE
CVE
added 2005/03/10 5:0 a.m.49 views

CVE-2004-1758

BEA WebLogic Server/Express (versions 8.1 up to SP2, 7.0 up to SP4, 6.1 up to SP6) may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, enabling local users to gain privileges. Root cause: credentials stored in plaintext within config.xml...

4.6CVSS7.1AI score0.00362EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2005/03/10 5:0 a.m.57 views

CVE-2003-1094

Technical details for CVE-2003-1094 are not provided in the connected documents; only the BEA WebLogic 7.0 SP3 issue is described. Monitor for updates.

7.2CVSS7.5AI score0.01198EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/03/10 5:0 a.m.44 views

CVE-2003-1093

BEA WebLogic Server versions 6.1, 7.0 and 7.0.0.1 expose a vulnerability where, when routing messages to a JMS target domain that is inaccessible, a ResourceAllocationException may cause the user’s password to be leaked. The issue affects the JMS routing path and has partial impact on confidentia...

4.6CVSS7AI score0.00374EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/03/10 5:0 a.m.57 views

CVE-2003-1095

BEA WebLogic Server/Express 7.0 and 7.0.0.1 are affected by CVE-2003-1095 due to improper handling of memory session persistence: authentication data is not cleared on redeploy, potentially allowing re-authenticated access without re-signing in. The issue is described across multiple feeds (NVD/N...

4.6CVSS6.8AI score0.00384EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/03/10 5:0 a.m.40 views

CVE-2004-1755

Technical details for CVE-2004-1755 are not publicly available in the provided documents. No affected products, impact specifics, or remediation are described here. Monitor for updates.

7.5CVSS7.2AI score0.01473EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.24 views

CVE-2004-1757

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges...

6.6AI score0.00422EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.20 views

CVE-2003-1093

BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException...

6.6AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.22 views

CVE-2003-1094

BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges...

7AI score0.01198EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.24 views

CVE-2003-1095

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...

6.7AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.15 views

CVE-2004-1756

BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers...

6.6AI score0.01241EPSS
Exploits0References6
Cvelist
Cvelist
added 2005/03/10 5:0 a.m.16 views

CVE-2004-1758

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges...

6.7AI score0.00362EPSS
Exploits0References7
CVE
CVE
added 2005/02/15 5:0 a.m.44 views

CVE-2005-0432

CVE-2005-0432 affects BEA WebLogic Server 7.0 SP5 and earlier and 8.1 SP3 and earlier. The issue is that authentication attempts generate different login exceptions, which can aid remote attackers in guessing passwords via brute force. The connected records confirm this behavior as the root cause...

5CVSS7.3AI score0.01987EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2005/02/15 5:0 a.m.21 views

CVE-2005-0432

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...

6.9AI score0.01987EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2004/12/31 5:0 a.m.7 views

CVE-2004-2320

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are...

5.8CVSS6AI score0.02561EPSS
Exploits0References8
NVD
NVD
added 2004/12/31 5:0 a.m.11 views

CVE-2004-1755

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...

7.5CVSS6.8AI score0.01473EPSS
Exploits0References5
NVD
NVD
added 2004/12/31 5:0 a.m.16 views

CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation RMI over Internet Inter-ORB Protocol IIOP, does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in a...

5.5CVSS6.6AI score0.01286EPSS
Exploits0References6
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2424

BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service network port consumption via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends...

5CVSS6.7AI score0.01752EPSS
Exploits0References6
NVD
NVD
added 2004/12/31 5:0 a.m.13 views

CVE-2004-2321

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including 1 ServerStartMBean.Password and 2 NodeManagerMBean.CertificatePassword...

2.1CVSS6.2AI score0.0021EPSS
Exploits0References4
Rows per page
Query Builder