CVSS: 5.0EPSS: 1%CPEs: 15EXPL: 0CVE-2004-2424
https://notcve.org/view.php?id=CVE-2004-2424
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. • http://dev2dev.bea.com/pub/advisory/7 http://secunia.com/advisories/11864 http://securitytracker.com/id?1010492 http://www.osvdb.org/7076 http://www.securityfocus.com/bid/10544 https://exchange.xforce.ibmcloud.com/vulnerabilities/16419 •
CVSS: 5.8EPSS: 0%CPEs: 85EXPL: 0CVE-2004-2320
https://notcve.org/view.php?id=CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2004-2321
https://notcve.org/view.php?id=CVE-2004-2321
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. • http://dev2dev.bea.com/pub/advisory/1 http://www.securityfocus.com/bid/9505 http://www.securitytracker.com/alerts/2004/Jan/1008867.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14962 •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2004-2696
https://notcve.org/view.php?id=CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 http://secunia.com/advisories/11865 http://securitytracker.com/id?1010493 http://www.osvdb.org/7081 http://www.securityfocus.com/bid/10545 https://exchange.xforce.ibmcloud.com/vulnerabilities/16421 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2004-0711
https://notcve.org/view.php?id=CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. La característica de coincidencia de patrones en URL de WebLogic Server 6.x encuentra coincidencias en patrones ilegales terminados en "*" como comodines como si fueran el patrón legal "/", lo que podría causar que usuarios remotos se saltaran las restricciones de acceso pretendidas porque los patrones ilegales son rechazados adecuadamente. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp http://www.kb.cert.org/vuls/id/184558 http://www.securityfocus.com/bid/10184 https://exchange.xforce.ibmcloud.com/vulnerabilities/15927 •