2905 matches found
PT-2005-2716 · Bea · Weblogic Express +1
Name of the Vulnerable Software and Affected Versions: BEA WebLogic Server and WebLogic Express versions 7.0 through Service Pack 5 Description: The issue allows users to continue accessing an application without having to log in again after the application is redeployed. This may violate newly...
CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...
CVE-2004-1758
BEA WebLogic Server/Express (versions 8.1 up to SP2, 7.0 up to SP4, 6.1 up to SP6) may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, enabling local users to gain privileges. Root cause: credentials stored in plaintext within config.xml...
CVE-2003-1094
Technical details for CVE-2003-1094 are not provided in the connected documents; only the BEA WebLogic 7.0 SP3 issue is described. Monitor for updates.
CVE-2003-1093
BEA WebLogic Server versions 6.1, 7.0 and 7.0.0.1 expose a vulnerability where, when routing messages to a JMS target domain that is inaccessible, a ResourceAllocationException may cause the user’s password to be leaked. The issue affects the JMS routing path and has partial impact on confidentia...
CVE-2003-1095
BEA WebLogic Server/Express 7.0 and 7.0.0.1 are affected by CVE-2003-1095 due to improper handling of memory session persistence: authentication data is not cleared on redeploy, potentially allowing re-authenticated access without re-signing in. The issue is described across multiple feeds (NVD/N...
CVE-2004-1755
Technical details for CVE-2004-1755 are not publicly available in the provided documents. No affected products, impact specifics, or remediation are described here. Monitor for updates.
CVE-2004-1757
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges...
CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException...
CVE-2003-1094
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges...
CVE-2003-1095
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate...
CVE-2004-1756
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers...
CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges...
CVE-2005-0432
CVE-2005-0432 affects BEA WebLogic Server 7.0 SP5 and earlier and 8.1 SP3 and earlier. The issue is that authentication attempts generate different login exceptions, which can aid remote attackers in guessing passwords via brute force. The connected records confirm this behavior as the root cause...
CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks...
CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are...
CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges...
CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation RMI over Internet Inter-ORB Protocol IIOP, does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in a...
CVE-2004-2424
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service network port consumption via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends...
CVE-2004-2321
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including 1 ServerStartMBean.Password and 2 NodeManagerMBean.CertificatePassword...