
CVE-2005-1749
https://notcve.org/view.php?id=CVE-2005-1749
24 May 2005 — Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). • http://dev2dev.bea.com/pub/advisory/132 •

CVE-2004-1757
https://notcve.org/view.php?id=CVE-2004-1757
31 Dec 2004 — BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp •

CVE-2004-2320 – Micro Focus Security Bulletin MFSBGN03812 1
https://notcve.org/view.php?id=CVE-2004-2320
31 Dec 2004 — The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. A potential security vulnerability has been identified in Micro Focus Application Performance Management. The vulnerability could be remotely exploited to remote cross-site tracing ... • http://dev2dev.bea.com/pub/advisory/68 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2004-2696
https://notcve.org/view.php?id=CVE-2004-2696
31 Dec 2004 — BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 • CWE-255: Credentials Management Errors •

CVE-2004-0713
https://notcve.org/view.php?id=CVE-2004-0713
21 Jul 2004 — The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_57.00.jsp •

CVE-2004-1758
https://notcve.org/view.php?id=CVE-2004-1758
13 Apr 2004 — BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_53.00.jsp •

CVE-2003-1093
https://notcve.org/view.php?id=CVE-2003-1093
31 Dec 2003 — BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp •

CVE-2003-1220
https://notcve.org/view.php?id=CVE-2003-1220
31 Dec 2003 — BEA WebLogic Server proxy plugin for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. • http://dev2dev.bea.com/pub/advisory/25 •

CVE-2003-1223
https://notcve.org/view.php?id=CVE-2003-1223
31 Dec 2003 — The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. • http://dev2dev.bea.com/pub/advisory/48 •

CVE-2003-1290
https://notcve.org/view.php?id=CVE-2003-1290
31 Dec 2003 — BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 •