Bea

All CVEs

191 total · sorted by risk
  • CVE-2005-1744 · Critical · May 24, 2005
    risk 0.64 · cvss 9.8 · epss 0.02

    BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security…

  • CVE-2000-0499 · High · Jun 8, 2000
    risk 0.49 · cvss 7.5 · epss 0.03

    The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

  • CVE-2004-2320 · Medium · Dec 31, 2004
    risk 0.35 · cvss 5.3 · epss 0.03

    The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in…

  • CVE-2008-3257 · Jul 22, 2008
    risk 0.10 · cvss · epss 0.84

    Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP…

  • CVE-2004-0204 · Aug 6, 2004
    risk 0.09 · cvss · epss 0.73

    Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows…

  • CVE-2001-0098 · Feb 12, 2001
    risk 0.09 · cvss · epss 0.78

    Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

  • CVE-2008-5457 · Jan 14, 2009
    risk 0.08 · cvss · epss 0.61

    Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via…

  • CVE-2008-4008 · Oct 14, 2008
    risk 0.08 · cvss · epss 0.56

    Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the…

  • CVE-2010-2375 · Jul 13, 2010
    risk 0.04 · cvss · epss 0.07

    Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and…

  • CVE-2007-6198 · Dec 1, 2007
    risk 0.04 · cvss · epss 0.07

    portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.

  • CVE-2003-0621 · Dec 1, 2003
    risk 0.04 · cvss · epss 0.07

    The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

  • CVE-2002-0106 · Mar 25, 2002
    risk 0.04 · cvss · epss 0.07

    BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.

  • CVE-2000-0681 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.51

    Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

  • CVE-2000-0685 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.12

    BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

  • CVE-2000-0684 · Oct 20, 2000
    risk 0.04 · cvss · epss 0.12

    BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

  • CVE-2005-1380 · May 3, 2005
    risk 0.03 · cvss · epss 0.05

    Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

  • CVE-2003-0624 · Dec 1, 2003
    risk 0.03 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

  • CVE-2000-0500 · Jun 21, 2000
    risk 0.03 · cvss · epss 0.05

    The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

  • CVE-2007-2699 · May 16, 2007
    risk 0.02 · cvss · epss 0.31

    The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.

  • CVE-2008-0900 · Feb 22, 2008
    risk 0.01 · cvss · epss 0.10

    Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.

  • CVE-2009-1016 · Apr 15, 2009
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was…

  • CVE-2009-1006 · Apr 15, 2009
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2009-1004 · Apr 15, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.

  • CVE-2009-1003 · Apr 15, 2009
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect integrity via unknown vectors related to "access to source code of web pages."

  • CVE-2008-5462 · Jan 14, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2008-5461 · Jan 14, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained…

  • CVE-2008-5460 · Jan 14, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.

  • CVE-2008-5459 · Jan 14, 2009
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors.

  • CVE-2008-4013 · Oct 14, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2008-4012 · Oct 14, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI pageflows."

  • CVE-2008-4011 · Oct 14, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.

  • CVE-2008-4010 · Oct 14, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to "some NetUI tags."

  • CVE-2008-4009 · Oct 14, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

  • CVE-2008-0903 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.

  • CVE-2008-0896 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.

  • CVE-2008-0895 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.

  • CVE-2008-0902 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.

  • CVE-2008-0898 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access…

  • CVE-2008-0901 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.02

    BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.

  • CVE-2008-0899 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.

  • CVE-2008-0904 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2008-0897 · Feb 22, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to…

  • CVE-2008-0870 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.

  • CVE-2008-0869 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive…

  • CVE-2008-0866 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.

  • CVE-2008-0865 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.

  • CVE-2008-0867 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

  • CVE-2008-0864 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.02

    Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.

  • CVE-2008-0868 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2008-0863 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.

Page 1 of 4