Lucene search

K
BeaWeblogic Server

25 matches found

CVE
CVE
added 2007/01/23 12:28 a.m.49 views

CVE-2007-0413

BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

4.4CVSS5.7AI score0.00074EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.45 views

CVE-2007-2700

The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.

4CVSS6.1AI score0.00375EPSS
CVE
CVE
added 2003/12/01 5:0 a.m.42 views

CVE-2003-0624

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

4.3CVSS5.9AI score0.03461EPSS
CVE
CVE
added 2006/01/25 11:7 p.m.42 views

CVE-2006-0421

By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intende...

4.6CVSS6.8AI score0.00093EPSS
CVE
CVE
added 2003/12/01 5:0 a.m.41 views

CVE-2003-0623

Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.

4.3CVSS6.2AI score0.00539EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.41 views

CVE-2007-2694

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00377EPSS
CVE
CVE
added 2005/03/10 5:0 a.m.39 views

CVE-2003-1095

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.

4.6CVSS6.8AI score0.00127EPSS
CVE
CVE
added 2004/07/27 4:0 a.m.38 views

CVE-2004-0712

The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.

4.6CVSS7.2AI score0.0011EPSS
CVE
CVE
added 2005/03/10 5:0 a.m.38 views

CVE-2004-1758

BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

4.6CVSS7.1AI score0.00122EPSS
CVE
CVE
added 2006/01/25 11:7 p.m.38 views

CVE-2006-0424

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.

4CVSS6.1AI score0.00315EPSS
CVE
CVE
added 2006/04/01 2:0 a.m.37 views

CVE-2005-4758

Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.

4CVSS6.6AI score0.0035EPSS
CVE
CVE
added 2007/05/16 1:19 a.m.36 views

CVE-2007-2701

The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue...

4.6CVSS6.7AI score0.00452EPSS
CVE
CVE
added 2008/02/21 1:44 a.m.35 views

CVE-2008-0869

Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with...

4.3CVSS5.7AI score0.00329EPSS
CVE
CVE
added 2005/05/24 4:0 a.m.34 views

CVE-2005-1745

The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.

4.6CVSS9.5AI score0.00539EPSS
CVE
CVE
added 2006/05/19 10:2 a.m.34 views

CVE-2006-2472

Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.

4.9CVSS6.5AI score0.00077EPSS
CVE
CVE
added 2005/03/10 5:0 a.m.32 views

CVE-2003-1093

BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.

4.6CVSS7AI score0.00119EPSS
CVE
CVE
added 2007/10/23 1:0 a.m.32 views

CVE-2003-1438

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.

4.3CVSS7.2AI score0.00254EPSS
CVE
CVE
added 2006/04/01 2:0 a.m.32 views

CVE-2005-4752

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.

4.6CVSS7.1AI score0.00076EPSS
CVE
CVE
added 2006/05/19 10:2 a.m.32 views

CVE-2006-2468

The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.

4CVSS6.5AI score0.00315EPSS
CVE
CVE
added 2005/03/10 5:0 a.m.31 views

CVE-2004-1757

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

4.6CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2008/02/22 9:44 p.m.31 views

CVE-2008-0899

Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.

4.3CVSS5.7AI score0.00285EPSS
CVE
CVE
added 2006/05/19 10:2 a.m.30 views

CVE-2006-2464

stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.

4.6CVSS6.3AI score0.00088EPSS
CVE
CVE
added 2006/05/19 10:2 a.m.30 views

CVE-2006-2467

BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.

4CVSS6.3AI score0.00315EPSS
CVE
CVE
added 2008/02/22 9:44 p.m.30 views

CVE-2008-0902

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.

4.3CVSS5.8AI score0.00377EPSS
CVE
CVE
added 2005/07/05 4:0 a.m.24 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward ...

4.3CVSS6.4AI score0.02106EPSS