CVE-2007-2695
https://notcve.org/view.php?id=CVE-2007-2695
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
• http://dev2dev.bea.com/pub/advisory/227
• http://dev2dev.bea.com/pub/advisory/274
• http://osvdb.org/36074
• http://secunia.com/advisories/25284
• http://secunia.com/advisories/29041
• http://securitytracker.com/id?1018057
• http://www.vupen.com/english/advisories/2007/1815
• http://www.vupen.com/english/advisories/2008/0612/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34282
CVE-2007-0421
https://notcve.org/view.php?id=CVE-2007-0421
BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
• http://dev2dev.bea.com/pub/advisory/215
• http://osvdb.org/32859
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213
CVE-2007-0409
https://notcve.org/view.php?id=CVE-2007-0409
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
• http://dev2dev.bea.com/pub/advisory/203
• http://osvdb.org/38501
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213
CVE-2007-0411
https://notcve.org/view.php?id=CVE-2007-0411
BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
• http://dev2dev.bea.com/pub/advisory/205
• http://osvdb.org/38503
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.securityfocus.com/bid/22082
• http://www.vupen.com/english/advisories/2007/0213
CVE-2007-0425
https://notcve.org/view.php?id=CVE-2007-0425
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
• http://dev2dev.bea.com/pub/advisory/222
• http://osvdb.org/38515
• http://secunia.com/advisories/23750
• http://securitytracker.com/id?1017525
• http://www.vupen.com/english/advisories/2007/0213