Weblogic Server Security Vulnerabilities and Issues — Weblogic Server CVE List

Lucene search

BeaWeblogic Server

17 matches found

CVE•added 2010/07/13 10:30 p.m.•96 views

CVE-2010-2375

Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.

6.4CVSS6AI score0.1617EPSS

CVE•added 2007/05/16 1:19 a.m.•43 views

CVE-2007-2696

The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.

6.8CVSS6.8AI score0.01176EPSS

CVE•added 2007/08/31 12:17 a.m.•43 views

CVE-2007-4613

SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different ...

6.8CVSS6.3AI score0.00598EPSS

CVE•added 2005/05/03 4:0 a.m.•39 views

CVE-2005-1380

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

6.8CVSS8AI score0.01285EPSS

CVE•added 2005/05/24 4:0 a.m.•35 views

CVE-2005-1747

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password par...

6.8CVSS8.4AI score0.02674EPSS

CVE•added 2006/01/25 11:7 p.m.•35 views

CVE-2006-0419

BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.

6.4CVSS6.7AI score0.00588EPSS

CVE•added 2007/01/23 12:28 a.m.•34 views

CVE-2007-0421

BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.

6.4CVSS6.7AI score0.01858EPSS

CVE•added 2007/08/31 12:17 a.m.•34 views

CVE-2007-4616

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communication...

6.4CVSS6.7AI score0.00859EPSS

CVE•added 2007/10/18 9:17 p.m.•34 views

CVE-2007-5576

BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.

6.8CVSS6.3AI score0.00602EPSS

CVE•added 2004/07/27 4:0 a.m.•33 views

CVE-2004-0713

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from ...

6.4CVSS6.8AI score0.00622EPSS

CVE•added 2006/04/01 2:0 a.m.•33 views

CVE-2005-4751

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.

6.8CVSS6.2AI score0.01215EPSS

CVE•added 2007/08/31 12:17 a.m.•32 views

CVE-2007-4615

The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.

6.4CVSS6.7AI score0.00722EPSS

CVE•added 2008/02/22 9:44 p.m.•32 views

CVE-2008-0900

Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

6CVSS6.2AI score0.04528EPSS

CVE•added 2003/10/20 4:0 a.m.•31 views

CVE-2003-0733

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet contain...

6.8CVSS6.7AI score0.00969EPSS

CVE•added 2006/01/25 11:7 p.m.•31 views

CVE-2006-0422

Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.

6.4CVSS7AI score0.00952EPSS

CVE•added 2007/01/23 12:28 a.m.•31 views

CVE-2007-0411

BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

6.8CVSS6.6AI score0.00517EPSS

CVE•added 2008/02/22 9:44 p.m.•25 views

CVE-2008-0895

BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

6.4CVSS7AI score0.00382EPSS