CVE-2008-2578
https://notcve.org/view.php?id=CVE-2008-2578
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 y 9.2 MP1, presenta un impacto desconocido y vectores de ataque locales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020498 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 https://exchange.xforce.ibmcloud.com/vulnerabilities/43827 •
CVE-2008-2576
https://notcve.org/view.php?id=CVE-2008-2576
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 9.2, 9.1, 9.0 y 8.1 SP6, presenta un impacto desconocido y vectores de ataque locales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020498 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 https://exchange.xforce.ibmcloud.com/vulnerabilities/43828 •
CVE-2008-2577
https://notcve.org/view.php?id=CVE-2008-2577
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 9.2 MP1, presenta un impacto desconocido y vectores de ataque autenticados remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020498 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 https://exchange.xforce.ibmcloud.com/vulnerabilities/43826 •
CVE-2008-0895
https://notcve.org/view.php?id=CVE-2008-0895
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. BEA WebLogic Server y WebLogic Express de 6.1 a 10.0 permite a atacantes remotos evitar la autentificación para servlets de aplicación a través de cabeceras de petición modificadas. • http://dev2dev.bea.com/pub/advisory/265 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019443 http://www.vupen.com/english/advisories/2008/0612/references • CWE-287: Improper Authentication •
CVE-2008-0897
https://notcve.org/view.php?id=CVE-2008-0897
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. Vulnerabilidad no especificada en BEA WebLogic Server de 9.0 a 10.0 permite a usuarios autentificados remotamente sin los permisos "receive (recibir)" evitar las restricciones de acceso previstas y recibir mensajes de un JMS Topic independiente o un destino de miembro Distributed Topic seguro, relacionados a subscripciones duraderas. • http://dev2dev.bea.com/pub/advisory/267 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019444 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •