3 matches found
CVE-2006-2468
Vulnerability details for CVE-2006-2468 show that BEA WebLogic Server Administration Console exposes the domain name in the login form for BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6. The underlying issue is information disclosure in the Console login interface, which can allow remote att...
BEA05-V0101.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BEA WebLogic Administration Console login page cross-site scripting vulnerability AppSecInc Team SHATTER Security Advisory BEA05-V0101 http://www.appsecinc.com/resources/alerts/general/BEA-002.html May 27, 2005 Affected versions: BEA WebLogic Server 7...
CVE-2005-1746
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service cluster slowdown via modified cookies...