VYPR

WebLogic Express

by BEA

CVEs (69)

  • CVE-2003-1223 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.

  • CVE-2003-1220 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    BEA WebLogic Server proxy plugin for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.

  • CVE-2003-1438 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another…

  • CVE-2003-1221 (Dec 31, 2003)
    risk 0.00 cvss epss 0.01

    BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.

  • CVE-2003-0640 (Aug 27, 2003)
    risk 0.00 cvss epss 0.02

    BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

  • CVE-2003-1095 (Mar 18, 2003)
    risk 0.00 cvss epss 0.00

    BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to…

  • CVE-2002-2177 (Dec 31, 2002)
    risk 0.00 cvss epss 0.01

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.

  • CVE-2002-2141 (Dec 31, 2002)
    risk 0.00 cvss epss 0.02

    BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server,…

  • CVE-2000-1238 (Dec 31, 2000)
    risk 0.00 cvss epss 0.03

    BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
