
CVE-2007-0408
https://notcve.org/view.php?id=CVE-2007-0408
23 Jan 2007 — BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. • http://dev2dev.bea.com/pub/advisory/202 •

CVE-2007-0411
https://notcve.org/view.php?id=CVE-2007-0411
23 Jan 2007 — BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. • http://dev2dev.bea.com/pub/advisory/205 •

CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. • http://dev2dev.bea.com/pub/advisory/211 •

CVE-2005-1744
https://notcve.org/view.php?id=CVE-2005-1744
24 May 2005 — BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. • http://dev2dev.bea.com/pub/advisory/127 • CWE-459: Incomplete Cleanup •

CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. • https://www.exploit-db.com/exploits/23315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2003-0621 – BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 - Input Validation
https://notcve.org/view.php?id=CVE-2003-0621
05 Nov 2003 — The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. • https://www.exploit-db.com/exploits/23312 •

CVE-2003-0623
https://notcve.org/view.php?id=CVE-2003-0623
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp •

CVE-2003-0622
https://notcve.org/view.php?id=CVE-2003-0622
05 Nov 2003 — The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp •

CVE-2001-0098 – BEA Systems WebLogic Server 4.0 x/4.5 x/5.1 x - Double Dot Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0098
02 Feb 2001 — Buffer overflow in BEA WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. • https://www.exploit-db.com/exploits/20516 •

CVE-2000-0684 – NetZero ZeroPort 3.0 - Weak Encryption Method
https://notcve.org/view.php?id=CVE-2000-0684
13 Oct 2000 — BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. • https://www.exploit-db.com/exploits/20081 •