Page 16 of 88 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. La característica de coincidencia de patrones en URL de WebLogic Server 6.x encuentra coincidencias en patrones ilegales terminados en "*" como comodines como si fueran el patrón legal "/", lo que podría causar que usuarios remotos se saltaran las restricciones de acceso pretendidas porque los patrones ilegales son rechazados adecuadamente. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp http://www.kb.cert.org/vuls/id/184558 http://www.securityfocus.com/bid/10184 https://exchange.xforce.ibmcloud.com/vulnerabilities/15927 •

CVSS: 6.4EPSS: 1%CPEs: 44EXPL: 0

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. El método remove en una Enterprise JavaBean (EJB) con estado en BEA WebLogic Server y WebLogic Express version 8.1 hasta SP2, 7.0 hasta SP4, y 6.1 a SP6, no comprueba adecuadamente permisos EJB antes de dejar de exportar una habichuela (bean), lo que permite a usuarios remotos autenticados eliminar objetos EJB de vistas remotas antes de que se lance la excepción de seguridad. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp http://www.kb.cert.org/vuls/id/658878 http://www.securityfocus.com/bid/10185 https://exchange.xforce.ibmcloud.com/vulnerabilities/15928 •

CVSS: 5.1EPSS: 0%CPEs: 24EXPL: 0

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. El proveedor de Autenticación WebLogic en BEA WebLogic Server y WebLogic Express 8.1 hasta SP2 y 7.0 hasta SP4 no elimina relaciones entre miembros cuando se borra un grupo, lo que puede causar que un nuevo grupo con el mismo nombre tenga miembros del grupo antiguo, lo que permite a miembros del grupo ganar privilegios. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_52.01.jsp http://secunia.com/advisories/11356 http://securitytracker.com/id?1009763 http://www.kb.cert.org/vuls/id/470470 http://www.osvdb.org/5299 http://www.securityfocus.com/bid/10130 https://exchange.xforce.ibmcloud.com/vulnerabilities/15861 •

CVSS: 7.2EPSS: 0%CPEs: 37EXPL: 0

BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. BEA WebLogic Server y WebLogic Express 7.0 a 7.0 Service Pack 4, y 8.1 a 8.1 Service Pack 2 permiten a atacantes obtener el nombre de usuario y contraseña para arrancar el servidor accediendo directamente a ciertos métodos internos. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_55.00.jsp http://secunia.com/advisories/11359 http://securitytracker.com/id?1009766 http://www.kb.cert.org/vuls/id/352110 http://www.osvdb.org/5296 http://www.securityfocus.com/bid/10133 https://exchange.xforce.ibmcloud.com/vulnerabilities/15865 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). BEA WebLogic Server y WebLocic Express 7.0 hasta SP5 y 8.1 hasta SP2 no hace cumplir las restricciones de sitio para iniciar y parar servidores a usuarios en los papeles de seguridad Admin y Operator, lo que permite a usuarios no autorizados causar una denegación de servicio (parada del servicio) • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_60.00.jsp http://secunia.com/advisories/11594 http://securitytracker.com/id?1010129 http://www.osvdb.org/6077 http://www.securityfocus.com/bid/10327 https://exchange.xforce.ibmcloud.com/vulnerabilities/16121 •