CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2007-4613
https://notcve.org/view.php?id=CVE-2007-4613
31 Aug 2007 — SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. Librería SSL en el BEA WebLogic Server 6.1 Gold hasta el SP7, 7.0 Gold hasta el SP7 y el 8.1 Gold hasta el SP5, pueden permitir a atacantes remotos la obtención de texto plano de ... • http://dev2dev.bea.com/pub/advisory/201 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2007-2694
https://notcve.org/view.php?id=CVE-2007-2694
16 May 2007 — Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en BEA WebLogic Express y WebLogic Server 6.1 hasta SP7, 7.0 hasta SP7, 8.1 hasta SP5, 9.0 GA, y 9.1 GA permite a atacantes remotos inyectar secuencias de comandos web o HTML de su ... • http://dev2dev.bea.com/pub/advisory/232 •
CVSS: 7.5EPSS: 2%CPEs: 48EXPL: 0CVE-2007-2695
https://notcve.org/view.php?id=CVE-2007-2695
16 May 2007 — The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. Los servlets HttpClusterServlet y HttpProxyServlet en BEA WebLogic Express y WebLogic Server 6.1 hasta SP7, 7.0 hasta SP7, 8.1 hasta SP5, 9.0, y 9.1, cuando SecureProxy está habitilitado, ... • http://dev2dev.bea.com/pub/advisory/227 •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2007-2696
https://notcve.org/view.php?id=CVE-2007-2696
16 May 2007 — The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. El Servidor JMS en BEA WebLogic Server 6.1 hasta SP7, 7.0 hasta SP6, y 8.1 hasta SP5 hace cumplir políticas de acceso de seguridad en la interfaz frontal (front end), lo cual permite a atacantes remotos acceder a colas protegidas mediante peticiones directas al s... • http://dev2dev.bea.com/pub/advisory/228 •
CVSS: 9.1EPSS: 1%CPEs: 33EXPL: 0CVE-2007-2697
https://notcve.org/view.php?id=CVE-2007-2697
16 May 2007 — The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. El servidor LDAP embebido en BEA WebLogic Express y WebLogic Server 7.0 hasta SP6, 8.1 hasta SP5, 9.0, y 9.1, en configuracione... • http://dev2dev.bea.com/pub/advisory/229 •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2007-2701
https://notcve.org/view.php?id=CVE-2007-2701
16 May 2007 — The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." El JMS Message Bridge en BEA WebLogic Server 7.0 hasta SP7 y 8.1 hasta Service Pack 6, cuando es configurado sin un nombre de usuario y una contraseña, o cuando la URL de conexión no esta definida, permite a at... • http://dev2dev.bea.com/pub/advisory/234 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0409
https://notcve.org/view.php?id=CVE-2007-0409
23 Jan 2007 — BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. BEA WebLogic 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP4, y 9.0 lanzamiento inicial no encripta las contraseñas almacenadas en JDBCDataSourceFactory MBean Properties, lo cual permite a usuarios administrativos locales leer las contraseñas en texto plano. • http://dev2dev.bea.com/pub/advisory/203 •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2007-0414
https://notcve.org/view.php?id=CVE-2007-0414
23 Jan 2007 — BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. BEA WebLogic Server 6.1 hasta 6.1 SP7, 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP5, y 9.0 permite a atacantes remotos provocar una denegación de servicio (cuelgue del servidor) mediante ciertas peticiones que causan que hilos multiplexados se bloqueen al procesar páginas de er... • http://dev2dev.bea.com/pub/advisory/208 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2007-0412
https://notcve.org/view.php?id=CVE-2007-0412
23 Jan 2007 — BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. BEA WebLogic Server 6.1 hasta 6.1 SP7, 7.0 hasta 7.0 SP7, y 8.1 hasta 8.1 SP5 permite a atacantes remotos leer archivos de su elección dentro de la propiedad class-path a través de .ear o explotar los archivos .ear que utiliza el manifiesto c... • http://dev2dev.bea.com/pub/advisory/206 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. BEA WebLogic Server 7.0 hasta 7.0 SP7, 8.1 hasta 8.1 SP5, 9.0, y 9.1, cuando se usa el dominio de compatibilidad con WebLogic Server 6.1, permite a los atacantes ejecutar determinadas operaciones de persistencia de contenedores EJB con una identidad administrativa. • http://dev2dev.bea.com/pub/advisory/211 •