CVSS: 9.8EPSS: 94%CPEs: 174EXPL: 2CVE-2017-5645 – log4j: Socket receiver deserialization vulnerability
https://notcve.org/view.php?id=CVE-2017-5645
17 Apr 2017 — In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. En Apache Log4j 2.x en versiones anteriores a 2.8.2, cuando se utiliza el servidor de socket TCP o el servidor de socket UDP para recibir sucesos de registro serializados de otra aplicación, puede enviarse una carga binaria especialmente diseñada que, cuando se des... • https://github.com/pimps/CVE-2017-5645 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4453
https://notcve.org/view.php?id=CVE-2010-4453
19 Jan 2011 — Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. Vulnerabilidad no especificada en el componente Oracle WebLogic Server para Oracle Fusion Middleware v7.0.7, v8.1.6, v9.0, v9.1, v9.2.4, v10.0.2, v10.3.2, y v10.3.3 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados Se... • http://osvdb.org/70584 •
CVSS: 9.1EPSS: 16%CPEs: 8EXPL: 1CVE-2010-2375 – Oracle WebLogic Server 10.3.3 - Encoded URL
https://notcve.org/view.php?id=CVE-2010-2375
13 Jul 2010 — Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. Paquete/Privilegio: Plugins para Apache, Sun y servicios web IIS, vulnerabilidad no especificada en el componente WebLogic Server de Oracle Fusion Middleware v7.0 SP7, v8.1 SP6, v9.0, v9.1, v9.2 MP3, v10.0 MP2, v10.... • https://www.exploit-db.com/exploits/34312 •
CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0CVE-2010-0073
https://notcve.org/view.php?id=CVE-2010-0073
14 Apr 2010 — Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el WebLogic Server en Oracle WebLogic Server v7.0 SP7,v8.1 SP6, v9.0, v9.1, v9.2 MP3, v10.0 MP2, y v10.3.2, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://secunia.com/advisories/39439 •
CVSS: 5.3EPSS: 35%CPEs: 93EXPL: 0CVE-2009-0217 – xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
https://notcve.org/view.php?id=CVE-2009-0217
14 Jul 2009 — The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.... • http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161 •
CVSS: 10.0EPSS: 78%CPEs: 72EXPL: 2CVE-2008-3257 – Bea Weblogic Apache Connector - Code Execution / Denial of Service
https://notcve.org/view.php?id=CVE-2008-3257
22 Jul 2008 — Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Desbordamiento de búfer basado en pila en Apache Connector (mod_wl) en Oracle WebLogic Server (anteriormente BEA Weblogic Server) 10.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una cade... • https://www.exploit-db.com/exploits/6089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2578
https://notcve.org/view.php?id=CVE-2008-2578
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 y 9.2 MP1, presenta un impacto desconocido y vectores de ataque locales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 99EXPL: 0CVE-2008-2579
https://notcve.org/view.php?id=CVE-2008-2579
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server Plugins para Apache, servidores web Sun e IIS en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7 y 6.1 SP7, presenta un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2580
https://notcve.org/view.php?id=CVE-2008-2580
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1 y 9.0, presenta un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2008-2581
https://notcve.org/view.php?id=CVE-2008-2581
15 Jul 2008 — Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6 y 7.0 SP7, presenta un impacto desconocido y vectores de ataque remotos relacionados con UDDI Explorer. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 •