CVE-2004-1758
https://notcve.org/view.php?id=CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp
http://secunia.com/advisories/11357
http://securitytracker.com/id?1009764
http://www.kb.cert.org/vuls/id/920238
http://www.osvdb.org/5297
http://www.securityfocus.com/bid/10131
https://exchange.xforce.ibmcloud.com/vulnerabilities/15860
CVE-2004-1756
https://notcve.org/view.php?id=CVE-2004-1756
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_54.00.jsp
http://secunia.com/advisories/11358
http://securitytracker.com/id?1009765
http://www.kb.cert.org/vuls/id/566390
http://www.securityfocus.com/bid/10132
https://exchange.xforce.ibmcloud.com/vulnerabilities/15862
CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
http://dev2dev.bea.com/pub/advisory/25
http://www.securityfocus.com/bid/9034
CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allow remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
http://dev2dev.bea.com/pub/advisory/162
http://secunia.com/advisories/10218
http://secunia.com/advisories/18396
http://www.osvdb.org/3064
http://www.securityfocus.com/bid/16215
http://www.securityfocus.com/bid/9034
https://exchange.xforce.ibmcloud.com/vulnerabilities/13752
CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
http://dev2dev.bea.com/pub/advisory/32
http://www.securityfocus.com/bid/9034