Page 5 of 25 results (0.406 seconds)

CVSS: 6.4EPSS: 0%CPEs: 20EXPL: 0

The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. La implementación del cliente SSL en el BEA WebLogic Server 7.0 Gold hasta el SP7, el 8.1 Gold hasta el SP6, el 9.0, el 9.1, el 9.2 Gold hasta el MP1 y el 10.0, selecciona algunas veces una clave nula cuando no son compatibles otras claves entre el servidor y el cliente, lo que puede permitir a atacantes remotos interceptar las comunicaciones. • http://dev2dev.bea.com/pub/advisory/245 http://secunia.com/advisories/26539 http://securitytracker.com/id?1018620 http://www.securityfocus.com/bid/25472 http://www.vupen.com/english/advisories/2007/3008 https://exchange.xforce.ibmcloud.com/vulnerabilities/36320 •

CVSS: 5.4EPSS: 2%CPEs: 3EXPL: 0

BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. BEA WebLogic Server 9.0 hasta 9.2 permite a atacantes remotos causar una denegación de servicio (indisponibilidad de puerto SSL) teniendo acceso a un socket SSL a medio cerrar. • http://dev2dev.bea.com/pub/advisory/237 http://osvdb.org/36064 http://secunia.com/advisories/25284 http://securitytracker.com/id?1018057 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34278 •

CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0

BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. BEA WebLogic Server 8.1 hasta 8.1 SP5, 9.0, 9.1, y 9.2 Gold, cuando WS-Security es utilizado, no valida certificados adecuadamente, lo cual permite a atacantes remotos llevar a cabo ataques de hombre en el medio (MITM, man-in-the-middle). • http://dev2dev.bea.com/pub/advisory/205 http://osvdb.org/38503 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •

CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0

BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. BEA WebLogic Server 9.0, 9.1, y 9.2 Gold, cuando se ejecutan en Solaris 9, permite a atacantes remotos provocar una denegación de servicio (inaccesibilidad del servidor) mediante conexiones socket manipuladas. • http://dev2dev.bea.com/pub/advisory/217 http://osvdb.org/32858 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. BEA WebLogic Server 9.0, 9.1, y 9.2 Gold permite a atacantes remotos obtener información sensible mediante peticiones HTTP mal formadas, lo cual revela datos de peticiones anteriores. • http://dev2dev.bea.com/pub/advisory/214 http://osvdb.org/38514 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •