CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2007-0408
https://notcve.org/view.php?id=CVE-2007-0408
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. BEA Weblogic Server 8.1 hasta 8.1 SP4 no valida adecuadamente certificados cliente al reutilizar conexiones cacheadas, lo cual permite a atacantes remotos obtener acceso mediante un certificado X.509 que no es de confianza. • http://dev2dev.bea.com/pub/advisory/202 http://osvdb.org/38500 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017519 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0415
https://notcve.org/view.php?id=CVE-2007-0415
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. BEA WebLogic Server 8.1 hasta 8.1 SP5 no fuerza adecuadamente el control de acceso tras una actualización dinámica y un redespliegue dinámico de una aplicación que está implementada a través de jars expandidos, lo cual permite a los atacantes evitar las restricciones de acceso pretendidas. • http://dev2dev.bea.com/pub/advisory/209 http://osvdb.org/38509 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2469
https://notcve.org/view.php?id=CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/189 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016098 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26463 •
CVSS: 5.0EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1746
https://notcve.org/view.php?id=CVE-2005-1746
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. • http://dev2dev.bea.com/pub/advisory/129 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0606 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1744
https://notcve.org/view.php?id=CVE-2005-1744
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. • http://dev2dev.bea.com/pub/advisory/127 http://secunia.com/advisories/15486 http://securitytracker.com/id?1014049 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0604 • CWE-459: Incomplete Cleanup •