
CVSS: 9.1 | EPSS: 5% | CPEs: 2 | EXPL: 0

23 Jan 2007 — BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. • http://dev2dev.bea.com/pub/advisory/202

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

23 Jan 2007 — The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). • http://dev2dev.bea.com/pub/advisory/213

CVSS: 7.5 | EPSS: 1% | CPEs: 16 | EXPL: 0

23 Jan 2007 — BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. • http://dev2dev.bea.com/pub/advisory/215

CVSS: 7.4 | EPSS: 2% | CPEs: 5 | EXPL: 0

23 Jan 2007 — BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. • http://dev2dev.bea.com/pub/advisory/205

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

23 Jan 2007 — Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 allows remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. • http://dev2dev.bea.com/pub/advisory/219

CVSS: 10.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

23 Jan 2007 — BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. • http://dev2dev.bea.com/pub/advisory/211

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 May 2006 — A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/193

CVSS: 7.5 | EPSS: 0% | CPEs: 10 | EXPL: 0

19 May 2006 — BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. • http://dev2dev.bea.com/pub/advisory/195

CVSS: 7.8 | EPSS: 0% | CPEs: 10 | EXPL: 0

19 May 2006 — stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. • http://dev2dev.bea.com/pub/advisory/181

CVSS: 4.0 | EPSS: 0% | CPEs: 17 | EXPL: 0

19 May 2006 — BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. • http://dev2dev.bea.com/pub/advisory/191