VYPR

WebLogic Express

by Bea

CVEs (69)

  • CVE-2005-4751Dec 31, 2005
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown…

  • CVE-2005-4758Dec 31, 2005
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.

  • CVE-2005-4704Dec 31, 2005
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent…

  • CVE-2005-1742May 24, 2005
    risk 0.00cvss epss 0.03

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."

  • CVE-2005-1747May 24, 2005
    risk 0.00cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username…

  • CVE-2005-1749May 24, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).

  • CVE-2005-1743May 24, 2005
    risk 0.00cvss epss 0.02

    BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.

  • CVE-2004-1757Dec 31, 2004
    risk 0.00cvss epss 0.00

    BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

  • CVE-2004-2696Dec 31, 2004
    risk 0.00cvss epss 0.01

    BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user…

  • CVE-2004-2424Dec 31, 2004
    risk 0.00cvss epss 0.02

    BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.

  • CVE-2004-0652Aug 6, 2004
    risk 0.00cvss epss 0.00

    BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.

  • CVE-2004-0715Jul 27, 2004
    risk 0.00cvss epss 0.02

    The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which…

  • CVE-2004-0471Jul 7, 2004
    risk 0.00cvss epss 0.00

    BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).

  • CVE-2004-0470Jul 7, 2004
    risk 0.00cvss epss 0.03

    BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name…

  • CVE-2004-1758Apr 13, 2004
    risk 0.00cvss epss 0.00

    BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.

  • CVE-2004-1756Apr 13, 2004
    risk 0.00cvss epss 0.01

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.

  • CVE-2003-1221Dec 31, 2003
    risk 0.00cvss epss 0.01

    BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

  • CVE-2003-1094Dec 31, 2003
    risk 0.00cvss epss 0.01

    BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.

  • CVE-2003-1437Dec 31, 2003
    risk 0.00cvss epss 0.00

    BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.

  • CVE-2003-1226Dec 31, 2003
    risk 0.00cvss epss 0.00

    BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.