CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2004-2424
https://notcve.org/view.php?id=CVE-2004-2424
31 Dec 2004 — BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. • http://dev2dev.bea.com/pub/advisory/7 •
CVSS: 9.1EPSS: 0%CPEs: 61EXPL: 0CVE-2004-2696
https://notcve.org/view.php?id=CVE-2004-2696
31 Dec 2004 — BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2004-0711
https://notcve.org/view.php?id=CVE-2004-0711
21 Jul 2004 — The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. La característica de coincidencia de patrones en URL de WebLogic Server 6.x encuentra coincidencias en patrones ilegales terminados en "*" como comodines como si fueran el patrón legal "/", lo que podría causar q... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2004-0712
https://notcve.org/view.php?id=CVE-2004-0712
21 Jul 2004 — The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. Las herramientes de configuracion (1) config.sh en Unix o (2) config.cmd en Windows de BEA WebLogic Server 8.1 a SP2 crean un fichero de registro que contiene el nombre y la contraseña del administrador en texto claro, lo que podría permitir a usuarios locales... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_58.00.jsp •
CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0CVE-2004-0713
https://notcve.org/view.php?id=CVE-2004-0713
21 Jul 2004 — The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. El método remove en una Enterprise JavaBean (EJB) con estado en BEA WebLogic Server y WebLogic Express version 8.1 hasta SP2, 7.0 hasta SP4, y 6.1 a SP6, no co... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2004-0715
https://notcve.org/view.php?id=CVE-2004-0715
21 Jul 2004 — The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. El proveedor de Autenticación WebLogic en BEA WebLogic Server y WebLogic Express 8.1 hasta SP2 y 7.0 hasta SP4 no elimina relaciones entre miembros cuando se borra un grupo, lo que puede causa... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp •
CVSS: 9.1EPSS: 0%CPEs: 37EXPL: 0CVE-2004-0652
https://notcve.org/view.php?id=CVE-2004-0652
13 Jul 2004 — BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. BEA WebLogic Server y WebLogic Express 7.0 a 7.0 Service Pack 4, y 8.1 a 8.1 Service Pack 2 permiten a atacantes obtener el nombre de usuario y contraseña para arrancar el servidor accediendo directamente a ciertos métodos internos. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp •
CVSS: 9.1EPSS: 80%CPEs: 19EXPL: 2CVE-2004-0204 – Business Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal
https://notcve.org/view.php?id=CVE-2004-0204
11 Jun 2004 — Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. Vulnerabilidad de atravesamiento de directorios en los visores web de Business Objects Crystal Reports 9... • https://www.exploit-db.com/exploits/24077 •
CVSS: 9.1EPSS: 2%CPEs: 4EXPL: 0CVE-2004-0470
https://notcve.org/view.php?id=CVE-2004-0470
20 May 2004 — BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2, cuando se edita weblogic.xml usando WebLocic Builder o el método SecurityRoleA... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2004-0471
https://notcve.org/view.php?id=CVE-2004-0471
20 May 2004 — BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2 no hace cumplir las restricciones de sitio para iniciar y parar servidores a usuarios en los papeles de seguridad Admin y Operator, lo que permite a usuarios no aut... • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp •