Bea Weblogic Server 3.1.8

5 matches found

CVE, added 2008/07/22 4:41 p.m., 100 views

CVE-2008-3257

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

CVSS 10, AI score 7.4, EPSS 0.71508

CVE, added 2003/12/01 5:00 a.m., 42 views

CVE-2003-0624

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

CVSS 4.3, AI score 5.9, EPSS 0.03461

CVE, added 2000/10/13 4:00 a.m., 40 views

CVE-2000-0500

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

CVSS 5, AI score 7.1, EPSS 0.0554

CVE, added 2000/10/20 4:00 a.m., 35 views

CVE-2000-0684

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

CVSS 10, AI score 7.5, EPSS 0.05202

CVE, added 2000/10/20 4:00 a.m., 30 views

CVE-2000-0685

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

CVSS 10, AI score 7.5, EPSS 0.05202