CVSS: 7.5EPSS: 0%CPEs: 69EXPL: 0CVE-2005-4750
https://notcve.org/view.php?id=CVE-2005-4750
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. • http://dev2dev.bea.com/pub/advisory/138 •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 0CVE-2005-4705
https://notcve.org/view.php?id=CVE-2005-4705
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. • http://dev2dev.bea.com/pub/advisory/141 •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2005-4766
https://notcve.org/view.php?id=CVE-2005-4766
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic. • http://dev2dev.bea.com/pub/advisory/157 •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2005-4752
https://notcve.org/view.php?id=CVE-2005-4752
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. • http://dev2dev.bea.com/pub/advisory/142 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-4755
https://notcve.org/view.php?id=CVE-2005-4755
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. • http://dev2dev.bea.com/pub/advisory/145 •
CVSS: 9.1EPSS: 1%CPEs: 40EXPL: 0CVE-2005-4749
https://notcve.org/view.php?id=CVE-2005-4749
31 Dec 2005 — HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. • http://dev2dev.bea.com/pub/advisory/159 •
CVSS: 9.1EPSS: 1%CPEs: 36EXPL: 0CVE-2005-4765
https://notcve.org/view.php?id=CVE-2005-4765
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection. • http://dev2dev.bea.com/pub/advisory/156 •
CVSS: 9.1EPSS: 0%CPEs: 20EXPL: 0CVE-2005-4757
https://notcve.org/view.php?id=CVE-2005-4757
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. • http://dev2dev.bea.com/pub/advisory/147 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-4758
https://notcve.org/view.php?id=CVE-2005-4758
31 Dec 2005 — Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. • http://dev2dev.bea.com/pub/advisory/148 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2005-4759
https://notcve.org/view.php?id=CVE-2005-4759
31 Dec 2005 — BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. • http://dev2dev.bea.com/pub/advisory/149 •