CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-2698
https://notcve.org/view.php?id=CVE-2007-2698
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. La Consola de Administración en BEA WebLogic Server 9.0 puede mostrar los atributos del Servicio Web en texto plano durante la configuración, lo cual permite a atacantes remotos obtener información credencial sensible. • http://dev2dev.bea.com/pub/advisory/230 http://osvdb.org/36071 http://securitytracker.com/id?1018057 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34286 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 1CVE-2007-2699 – Oracle Application Testing Suite WebLogic Server Administration Console War Deployment
https://notcve.org/view.php?id=CVE-2007-2699
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. La Consola de Administración en BEA WebLogic Express y WebLogic Server 9.0 y 9.1 no hace cumplir correctamente ciertas Políticas de Seguridad del Dominio, lo cual permite a usuarios administradores remotos en el rol de Desplegador (Deployer) enviar ficheros de su elección. • http://dev2dev.bea.com/pub/advisory/231 http://osvdb.org/36069 http://packetstormsecurity.com/files/153072/Oracle-Application-Testing-Suite-WebLogic-Server-Administration-Console-War-Deployment.html http://secunia.com/advisories/25284 http://securitytracker.com/id?1018057 http://www.vupen.com/english/advisories/2007/1815 https://exchange.xforce.ibmcloud.com/vulnerabilities/34289 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/oats_weblogic_console.rb •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0420
https://notcve.org/view.php?id=CVE-2007-0420
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. BEA WebLogic Server 9.0, 9.1, y 9.2 Gold permite a atacantes remotos obtener información sensible mediante peticiones HTTP mal formadas, lo cual revela datos de peticiones anteriores. • http://dev2dev.bea.com/pub/advisory/214 http://osvdb.org/38514 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2007-0417
https://notcve.org/view.php?id=CVE-2007-0417
BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. BEA WebLogic Server 7.0 hasta 7.0 SP7, 8.1 hasta 8.1 SP5, 9.0, y 9.1, cuando se usa el dominio de compatibilidad con WebLogic Server 6.1, permite a los atacantes ejecutar determinadas operaciones de persistencia de contenedores EJB con una identidad administrativa. • http://dev2dev.bea.com/pub/advisory/211 http://osvdb.org/38511 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 1.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0409
https://notcve.org/view.php?id=CVE-2007-0409
BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. BEA WebLogic 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP4, y 9.0 lanzamiento inicial no encripta las contraseñas almacenadas en JDBCDataSourceFactory MBean Properties, lo cual permite a usuarios administrativos locales leer las contraseñas en texto plano. • http://dev2dev.bea.com/pub/advisory/203 http://osvdb.org/38501 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •