Filtered by vendor Bea
Subscribe
Total
159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0422 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 5.0 MEDIUM | N/A |
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | |||||
CVE-2007-0425 | 1 Bea | 2 Jrockit, Weblogic Server | 2011-03-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | |||||
CVE-2007-0424 | 1 Bea | 1 Weblogic Server | 2011-03-07 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | |||||
CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2008-11-12 | 7.5 HIGH | N/A |
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | |||||
CVE-2007-0434 | 1 Bea | 1 Aqualogic Enterprise Security | 2008-11-12 | 4.6 MEDIUM | N/A |
BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection. | |||||
CVE-2007-0432 | 1 Bea | 1 Aqualogic Service Bus | 2008-11-12 | 7.5 HIGH | N/A |
BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. | |||||
CVE-2007-0433 | 1 Bea | 1 Aqualogic Service Bus | 2008-11-12 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled. | |||||
CVE-2003-1224 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.1 LOW | N/A |
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. | |||||
CVE-2003-1220 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 5.0 MEDIUM | N/A |
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | |||||
CVE-2003-1222 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 5.0 MEDIUM | N/A |
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | |||||
CVE-2003-1223 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 5.0 MEDIUM | N/A |
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. | |||||
CVE-2003-1225 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.1 LOW | N/A |
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. | |||||
CVE-2003-1226 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.1 LOW | N/A |
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | |||||
CVE-2003-1221 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 5.0 MEDIUM | N/A |
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | |||||
CVE-2002-2141 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | |||||
CVE-2002-2142 | 1 Bea | 2 Weblogic Integration, Weblogic Server | 2008-09-10 | 7.5 HIGH | N/A |
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | |||||
CVE-2002-2177 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 2.6 LOW | N/A |
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | |||||
CVE-2000-0684 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 10.0 HIGH | N/A |
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. | |||||
CVE-2000-0685 | 1 Bea | 1 Weblogic Server | 2008-09-10 | 10.0 HIGH | N/A |
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. | |||||
CVE-2006-0420 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." |