VYPR

Vendor: Bea

Products: 23
CVEs: 191
Across products: 286
Status: Private

Recent CVEs

  • CVE-2005-1744 | Critical | May 24, 2005
    risk 0.64 | cvss 9.8 | epss 0.02

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security…

  • CVE-2000-0499 | High | Jun 8, 2000
    risk 0.49 | cvss 7.5 | epss 0.03

    The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2004-2320 | Medium | Dec 31, 2004
    risk 0.35 | cvss 5.3 | epss 0.03

    The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in…

  • CVE-2008-3257 | Jul 22, 2008
    risk 0.10 | cvss | epss 0.84

    Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP…

  • CVE-2004-0204 | Aug 6, 2004
    risk 0.09 | cvss | epss 0.73

    Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows…

  • CVE-2001-0098 | Feb 12, 2001
    risk 0.09 | cvss | epss 0.78

    Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

  • CVE-2008-5457 | Jan 14, 2009
    risk 0.08 | cvss | epss 0.61

    Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via…

  • CVE-2008-4008 | Oct 14, 2008
    risk 0.08 | cvss | epss 0.56

    Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the…

  • CVE-2010-2375 | Jul 13, 2010
    risk 0.04 | cvss | epss 0.07

    Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and…

  • CVE-2007-6198 | Dec 1, 2007
    risk 0.04 | cvss | epss 0.07

    portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

  • CVE-2003-0621 | Dec 1, 2003
    risk 0.04 | cvss | epss 0.07

    The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

  • CVE-2002-0106 | Mar 25, 2002
    risk 0.04 | cvss | epss 0.07

    BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

  • CVE-2000-0684 | Oct 20, 2000
    risk 0.04 | cvss | epss 0.12

    BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

  • CVE-2000-0681 | Oct 20, 2000
    risk 0.04 | cvss | epss 0.51

    Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

  • CVE-2000-0685 | Oct 20, 2000
    risk 0.04 | cvss | epss 0.12

    BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

  • CVE-2005-1380 | May 3, 2005
    risk 0.03 | cvss | epss 0.05

    Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

  • CVE-2003-0624 | Dec 1, 2003
    risk 0.03 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

  • CVE-2000-0500 | Jun 21, 2000
    risk 0.03 | cvss | epss 0.05

    The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

  • CVE-2007-2699 | May 16, 2007
    risk 0.02 | cvss | epss 0.31

    The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

  • CVE-2008-0900 | Feb 22, 2008
    risk 0.01 | cvss | epss 0.10

    Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.