CVSS: 5.0 | EPSS: 2% | CPEs: 7 | EXPL: 0

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.

• http://dev2dev.bea.com/pub/advisory/208
• http://osvdb.org/38506
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213

CVSS: 6.8 | EPSS: 1% | CPEs: 5 | EXPL: 0

BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

• http://dev2dev.bea.com/pub/advisory/205
• http://osvdb.org/38503
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213

CVSS: 4.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

• http://dev2dev.bea.com/pub/advisory/207
• http://osvdb.org/38504
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 do not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.

• http://dev2dev.bea.com/pub/advisory/127
• http://secunia.com/advisories/15486
• http://securitytracker.com/id?1014049
• http://www.securityfocus.com/bid/13717
• http://www.vupen.com/english/advisories/2005/0604
• CWE-459: Incomplete Cleanup

CVSS: 5.0 | EPSS: 0% | CPEs: 9 | EXPL: 2

The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.

• https://www.exploit-db.com/exploits/23312
• http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp
• http://marc.info/?l=bugtraq&m=106762000607681&w=2
• http://www.securityfocus.com/bid/8931
• https://exchange.xforce.ibmcloud.com/vulnerabilities/13559