CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1093
https://notcve.org/view.php?id=CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp http://www.kb.cert.org/vuls/id/331937 http://www.securityfocus.com/bid/6586 https://exchange.xforce.ibmcloud.com/vulnerabilities/11057 •
CVSS: 5.0EPSS: 1%CPEs: 58EXPL: 0CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 http://secunia.com/advisories/10218 http://secunia.com/advisories/18396 http://www.osvdb.org/3064 http://www.securityfocus.com/bid/16215 http://www.securityfocus.com/bid/9034 https://exchange.xforce.ibmcloud.com/vulnerabilities/13752 •
CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0CVE-2003-1437
https://notcve.org/view.php?id=CVE-2003-1437
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp http://www.securityfocus.com/bid/6719 https://exchange.xforce.ibmcloud.com/vulnerabilities/11220 •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2003-1221
https://notcve.org/view.php?id=CVE-2003-1221
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. • http://dev2dev.bea.com/pub/advisory/32 http://www.securityfocus.com/bid/9034 •
CVSS: 5.0EPSS: 0%CPEs: 42EXPL: 0CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 http://www.securityfocus.com/bid/9034 •