CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2003-1438
https://notcve.org/view.php?id=CVE-2003-1438
31 Dec 2003 — Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 2CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 1%CPEs: 5EXPL: 0CVE-2003-0733
https://notcve.org/view.php?id=CVE-2003-0733
04 Sep 2003 — Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp •
CVSS: 9.8EPSS: 4%CPEs: 28EXPL: 0CVE-2003-0151
https://notcve.org/view.php?id=CVE-2003-0151
21 Mar 2003 — BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. BEA Weblogic Server y Express 6.0 a 7.0 no restringe adecuadamente el acceso a ciertos servlets internos que llevan a cabo funciones administrativas, lo que permite a atacantes remotos leer ficheros arbitrarios o ejecutar código arbitrario. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2002-2142
https://notcve.org/view.php?id=CVE-2002-2142
31 Dec 2002 — An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. • http://dev2dev.bea.com/pub/advisory/3 •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2002-2177
https://notcve.org/view.php?id=CVE-2002-2177
31 Dec 2002 — BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. • http://dev2dev.bea.com/pub/advisory/38 •
CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2002-1030
https://notcve.org/view.php?id=CVE-2002-1030
04 Oct 2002 — Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html •
CVSS: 7.5EPSS: 6%CPEs: 2EXPL: 1CVE-2002-0106 – BEA Systems WebLogic Server and Express 7.0 - Null Character Denial of Service
https://notcve.org/view.php?id=CVE-2002-0106
15 Mar 2002 — BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. El Servidor 6.1 Weblogic de BEA Sistemas, permite a atacantes que remotos causar una negación de servicio vía una serie de peticiones a archivos .JSP que contengan un nombre de dispositivo de MS-DOS. • https://www.exploit-db.com/exploits/21432 •