CVE-2008-5461
https://notcve.org/view.php?id=CVE-2008-5461
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0, and SP7 allows remote attackers to affect confidentiality, integrity, and availability, related to WLS. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is cross-site scripting. Una vulnerabilidad no especificada en el componente WebLogic Server de Product Suite de BEA versiones 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 y SP7, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad relacionada a WLS. NOTA: la información anterior fue obtenida de la CPU de enero de 2009. • http://jvn.jp/en/jp/JVN93431860/index.html http://secunia.com/advisories/33526 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021571 http://www.vupen.com/english/advisories/2009/0115 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5462
https://notcve.org/view.php?id=CVE-2008-5462
Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente WebLogic Portal component en BEA Product Suite 10.3, 10.2, 10.0, MP1, 9.2, MP3, 8.1, y SP6 que permite atacantes remotos y afecta a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021571 http://www.vupen.com/english/advisories/2009/0115 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5459
https://notcve.org/view.php?id=CVE-2008-5459
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3 allows remote attackers to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite 10.3 que permite ataques remotos y afecta a la confidencialidad a través de vectores desconocidos. • http://secunia.com/advisories/33526 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021571 http://www.vupen.com/english/advisories/2009/0115 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5457 – BEA WebLogic - JSESSIONID Cookie Value Overflow
https://notcve.org/view.php?id=CVE-2008-5457
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle BEA WebLogic Server Plugins para Apache, Sun y IIS web servers en BEA Product Suite 10.3, 10.0, MP1, 9.2, MP3, 9.1, 9.0, 8.1, SP6, 7.0 y SP7 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores desconocidos. • https://www.exploit-db.com/exploits/16762 https://www.exploit-db.com/exploits/8336 http://secunia.com/advisories/33526 http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html http://www.securityfocus.com/bid/33177 http://www.securitytracker.com/id?1021571 http://www.vupen.com/english/advisories/2009/0115 •
CVE-2008-4009
https://notcve.org/view.php?id=CVE-2008-4009
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite versión 9.1, al configurar varios autorizadores, permite a los atacantes remotos afectar a la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos. • http://secunia.com/advisories/32304 http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html http://www.securitytracker.com/id?1021056 http://www.vupen.com/english/advisories/2008/2825 https://exchange.xforce.ibmcloud.com/vulnerabilities/45908 https://support.bea.com/application_content/product_portlets/securityadvisories/2802.html •