Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bea Subscribe
Total 159 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0419 1 Bea 1 Weblogic Server 2008-09-05 6.4 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
CVE-2005-4750 1 Bea 1 Weblogic Server 2008-09-05 7.5 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.
CVE-2005-4763 1 Bea 1 Weblogic Server 2008-09-05 7.5 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.
CVE-2005-4759 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.
CVE-2005-4761 1 Bea 1 Weblogic Server 2008-09-05 1.2 LOW N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
CVE-2005-4762 1 Bea 1 Weblogic Server 2008-09-05 7.2 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
CVE-2005-4764 1 Bea 1 Weblogic Server 2008-09-05 7.8 HIGH N/A
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
CVE-2005-4765 1 Bea 1 Weblogic Server 2008-09-05 7.6 HIGH N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.
CVE-2005-4766 1 Bea 1 Weblogic Server 2008-09-05 5.4 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
CVE-2005-4767 1 Bea 1 Weblogic Server 2008-09-05 5.1 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.
CVE-2005-4704 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
CVE-2005-4705 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
CVE-2005-0432 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
CVE-2003-0733 1 Bea 3 Liquid Data, Weblogic Integration, Weblogic Server 2008-09-05 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVE-2003-0640 1 Bea 1 Weblogic Server 2008-09-05 10.0 HIGH N/A
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
CVE-2002-1030 1 Bea 1 Weblogic Server 2008-09-05 2.6 LOW N/A
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
CVE-2000-0681 1 Bea 1 Weblogic Server 2008-09-05 10.0 HIGH N/A
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
CVE-2000-0682 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVE-2000-0683 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.