32 matches found
CVE-2009-0217
CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...
CVE-2009-1016
CVE-2009-1016 concerns a buffer overflow in BEA/Oracle WebLogic Server Plugins related to parsing SSL certificates. The vulnerability affects WebLogic Server Plug-ins across multiple BEA/Oracle versions and can be triggered by a crafted certificate, potentially impacting confidentiality, integrit...
CVE-2010-0079
Technical details for CVE-2010-0079 are not provided in the supplied connected documents. Please monitor for updates; the available sources reference overlapping CVEs but do not disclose specific affected product/version or remediation.
CVE-2009-3403
Technical details for CVE-2009-3403 are not provided in the supplied documents. Public information on affected product/version, root cause, impact, or remediation is not available here; monitor for updates from official advisories.
CVE-2008-4008
CVE-2008-4008 describes a stack-based buffer overflow in the BEA WebLogic Server Apache Connector (mod_wl) affecting WebLogic Server–Apache integration. Affected BEA/Oracle WebLogic versions include 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7. The overflow arises in the Apach...
CVE-2008-5457
CVE-2008-5457 describes a buffer overflow in BEA/Oracle WebLogic Server plug-ins (Apache/Sun/IIS) used to proxy requests. Public records show a JSESSIONID cookie overflow vector that requires clustering to be exploitable, enabling remote code execution. Exploitation details and PoCs exist (Metasp...
CVE-2009-3396
CVE-2009-3396 affects Oracle/BEA WebLogic Server (WebLogic Server 10.3 with BEA Product Suite). The connected data confirms an HTML injection vulnerability in the WebLogic Server Console (WLS Console) that allows remote attackers to obtain the WebLogic admin session cookie via specially crafted H...
CVE-2008-5462
CVE-2008-5462 affects BEA/Oracle WebLogic Portal components in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6. The flaw is described as an unspecified vulnerability in the WebLogic Portal component that could allow a remote attacker to impact confidentiality, integrity, and availabi...
CVE-2008-4013
CVE-2008-4013 describes an unspecified remote vulnerability in BEA WebLogic Server within the Oracle BEA Product Suite (versions 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6) that can affect confidentiality, integrity, and availability via unknown vectors. Connected documents corroborate an Oracle CPU Oc...
CVE-2009-1004
CVE-2009-1004 refers to an unspecified vulnerability in BEA WebLogic Server 10.3 within BEA Product Suite 10.3 that could affect confidentiality and integrity via remote, unknown vectors. Connected sources corroborate that Oracle issued a multi-vulnerability CPUAPR2009 patch update in April 2009 ...
CVE-2009-1012
Affected software: Oracle BEA WebLogic Server plug-ins for Apache and IIS web servers (versions 7.0 Gold–SP7, 8.1 Gold–SP6, 9.0/9.1/9.2 Gold–MP3, 10.0 Gold–MP1, 10.3). The vulnerability is described as an integer overflow in an unspecified plug-in that parses HTTP requests, potentially causing a ...
CVE-2008-2580
CVE-2008-2580 corresponds to an unspecified information-disclosure vulnerability in Oracle BEA WebLogic Server product lines (10.0 MP1, 9.2 MP3, 9.1, 9.0). The BEA/Oracle risk matrix lists CVE-2008-2580 under WebLogic Server with remote HTTP access, high (CVSS v2) impact in some entries, indicati...
CVE-2009-1003
CVE-2009-1003 is part of a broader Oracle/BEA WebLogic WebLogic Server vulnerability set disclosed in the April 2009 CPU. Connected sources describe concrete issues across Oracle WebLogic Server products (e.g., 9.x/10.x line including WebLogic Server 10.3) and related components where remote atta...
CVE-2009-3399
The CVE-2009-3399 entry affects BEA WebLogic Server (WebLogic Server component) in BEA Product Suite versions 7.0.6 and 8.1.5. The vulnerability is associated with the WLS Console and is exploitable over HTTP/Network with no authentication required, enabling remote attackers to impact integrity. ...
CVE-2008-2581
CVE-2008-2581 is an unspecified vulnerability in WebLogic Server (BEA/Oracle Product Suite) affecting multiple WebLogic releases (10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7) related to the UDDI Explorer component. The vulnerability is described as having unknown impact and remote attack vector...
CVE-2008-5459
CVE-2008-5459 affects Oracle BEA WebLogic Server 10.3 (BEA Product Suite 10.3). The vulnerability is described as unspecified, allowing remote attackers to affect confidentiality via unknown vectors. The available documents do not specify the root cause, affected subcomponents, exact versions bey...
CVE-2008-5461
Oracle WebLogic Server (BEA WebLogic Server) contains an unspecified vulnerability (CVE-2008-5461) that affects multiple versions: 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7. Multiple sources indicate this may be a cross-site scripting issue, with potential consequences including inf...
CVE-2009-1005
Affected products include BEA/Oracle AquaLogic Data Services Platform 3.0/3.2 and Oracle Data Service Integrator 10.3.0, among others. CVE-2009-1005 is described as an unspecified local vulnerability affecting confidentiality, integrity, and availability via unknown vectors. The connected documen...
CVE-2009-1975
CVE-2009-1975 affects BEA WebLogic Server 10.3 (WLS Console Package). The vulnerability in the WLS Console Package allows remote attackers to impact confidentiality, integrity, and availability. Oracle’s July 2009 CPU indicates fixes across BEA/WebLogic components; remediation is to apply the CPU...
CVE-2010-0078
CVE-2010-0078 affects BEA WebLogic Server in the BEA Product Suite (versions 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.1). The vulnerability is described as unspecified and could allow a remote attacker to affect availability via unknown vectors. The connected CPU/patch context indicates Oracle’s January...
CVE-2008-4009
CVE-2008-4009 affects Oracle WebLogic Server 9.1 (BEA Product Suite 9.1). Connected documents corroborate an unspecified privilege-escalation vulnerability that occurs when the server is configured with more than one authorizer (e.g., XACMLAuthorizer and DefaultAuthorizer). The Nessus plugin expl...
CVE-2008-5460
CVE-2008-5460 concerns an unspecified information disclosure in Oracle WebLogic Server (BEA Product Suite) across versions 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0. A Nessus plugin indicates the vulnerability affects JSP pages and servlets, enabling remote disclosure of information. The root cause a...
CVE-2009-1974
CVE-2009-1974 concerns BEA WebLogic Server (part of BEA/Product Suite) and is described in the CVE entry as an unspecified vulnerability in the WebLogic Server component affecting multiple versions (e.g., 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7). The vulnerability is exploitable remot...
CVE-2010-0069
CVE-2010-0069 is a BEA WebLogic Server vulnerability affecting BEA Product Suite components (7.0 SP7, 8.1 SP6, 9.0–9.2 MP3, 10.0 MP1, 10.3.0). The connected CVE records indicate an unspecified remote vulnerability that could affect integrity via unknown vectors. The Oracle CPU/CPUJan2010 advisory...
CVE-2008-4011
CVE-2008-4011 applies to BEA/Oracle WebLogic Server in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0. The vulnerability is described as unspecified, allowing remote authenticated users to affect integrity via unknown vectors. The associated NVD entry lists a network-accessible, high-complexit...
CVE-2010-0074
CVE-2010-0074 concerns the WebLogic Server component of the BEA Product Suite. Per the BEA Product Suite risk matrix, affected releases include BEA WebLogic Server 7.0 through 10.3.1 (specifically 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.1). The description notes an unspecified vulnera...
CVE-2008-2582
CVE-2008-2582 affects Oracle/BEA WebLogic Server (BEA Product Suite) versions 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, and 10.0 MP1. The initial description notes an unspecified vulnerability with unknown impact and remote attack vectors; the connected BEA/Oracle entries list the WebLogic components ...
CVE-2010-0068
CVE-2010-0068 affects BEA WebLogic Server (BEA Product Suite) versions 9.0, 9.1, 9.2 MP2, 10.0. The vulnerability is remote, exploitable via HTTP/Web Services, and impacts confidentiality (partial). No exploit details provided in the initial documents. Remediation is via Oracle January 2010 Criti...
CVE-2008-4010
The CVE-2008-4010 issue pertains to BEA WebLogic Workshop (WebLogic Workshop) in BEA Product Suite 10.3/10.2/10.0 MP1/9.2 MP3/8.1 SP6, where a vulnerability related to NetUI tags could allow remote access to affect confidentiality, integrity, and availability. The underlying cause is not clearly ...
CVE-2009-2002
CVE-2009-2002 refers to a vulnerability in the BEA WebLogic Portal component of the BEA Product Suite. The risk entry indicates a remote attacker could affect integrity over the network via unknown vectors, with a CVSS v2 base score of 4.3 (Medium) and no authentication required, and the impact l...
CVE-2009-1001
CVE-2009-1001 affects Oracle BEA WebLogic Portal 8.1 Gold through SP6. The description indicates an unspecified vulnerability that allows remote authenticated users to gain privileges via unknown vectors, with a CVSS v2 base score of 5.5 (MEDIUM). No concrete exploit vectors or impacted subcompon...
CVE-2009-1002
Concretes details found: CVE-2009-1002 relates to Oracle WebLogic Server family. A vulnerability in the WebLogic Server plugin can cause a stack/heap-like overflow when handling HTTP requests or when parsing SSL certificates, enabling remote attackers to potentially gain privileges. Affected prod...