CVSS: 9.8EPSS: 0%CPEs: 43EXPL: 0CVE-2005-4763
https://notcve.org/view.php?id=CVE-2005-4763
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. • http://dev2dev.bea.com/pub/advisory/154 •
CVSS: 9.8EPSS: 0%CPEs: 68EXPL: 0CVE-2005-4764
https://notcve.org/view.php?id=CVE-2005-4764
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). • http://dev2dev.bea.com/pub/advisory/155 •
CVSS: 9.1EPSS: 1%CPEs: 36EXPL: 0CVE-2005-4765
https://notcve.org/view.php?id=CVE-2005-4765
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection. • http://dev2dev.bea.com/pub/advisory/156 •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2005-4766
https://notcve.org/view.php?id=CVE-2005-4766
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic. • http://dev2dev.bea.com/pub/advisory/157 •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2005-4767
https://notcve.org/view.php?id=CVE-2005-4767
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. • http://dev2dev.bea.com/pub/advisory/161 •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1742
https://notcve.org/view.php?id=CVE-2005-1742
24 May 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." • http://dev2dev.bea.com/pub/advisory/125 •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1743
https://notcve.org/view.php?id=CVE-2005-1743
24 May 2005 — BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. • http://dev2dev.bea.com/pub/advisory/126 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1744
https://notcve.org/view.php?id=CVE-2005-1744
24 May 2005 — BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings. • http://dev2dev.bea.com/pub/advisory/127 • CWE-459: Incomplete Cleanup •
CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1745
https://notcve.org/view.php?id=CVE-2005-1745
24 May 2005 — The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. • http://dev2dev.bea.com/pub/advisory/128 •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2005-1746
https://notcve.org/view.php?id=CVE-2005-1746
24 May 2005 — The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. • http://dev2dev.bea.com/pub/advisory/129 •