
CVSS: 5.0 • EPSS: 2% • CPEs: 76 • EXPL: 0

Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). • http://dev2dev.bea.com/pub/advisory/132 http://secunia.com/advisories/15486 http://www.securityfocus.com/bid/13717 http://www.vupen.com/english/advisories/2005/0609 •

CVSS: 5.8 • EPSS: 0% • CPEs: 85 • EXPL: 0

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. • http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0 • EPSS: 1% • CPEs: 58 • EXPL: 0

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). • http://dev2dev.bea.com/pub/advisory/162 http://secunia.com/advisories/10218 http://secunia.com/advisories/18396 http://www.osvdb.org/3064 http://www.securityfocus.com/bid/16215 http://www.securityfocus.com/bid/9034 https://exchange.xforce.ibmcloud.com/vulnerabilities/13752 •

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp http://www.securityfocus.com/bid/6717 http://www.securitytracker.com/id?1006018 https://exchange.xforce.ibmcloud.com/vulnerabilities/11221 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 2

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. • https://www.exploit-db.com/exploits/23315 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://marc.info/?l=bugtraq&m=106761926906781&w=2 http://www.securityfocus.com/bid/8938 https://exchange.xforce.ibmcloud.com/vulnerabilities/13568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •