CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2580
https://notcve.org/view.php?id=CVE-2008-2580
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors. Una vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite de Oracle versiones 10.0 MP1, 9.2 MP3, 9.1 y 9.0, presenta un impacto desconocido y vectores de ataque remotos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 http://secunia.com/advisories/31087 http://secunia.com/advisories/31113 http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html http://www.securitytracker.com/id?1020498 http://www.vupen.com/english/advisories/2008/2109/references http://www.vupen.com/english/advisories/2008/2115 https://exchange.xforce.ibmcloud.com/vulnerabilities/43829 •
CVSS: 6.4EPSS: 0%CPEs: 27EXPL: 0CVE-2008-0895
https://notcve.org/view.php?id=CVE-2008-0895
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. BEA WebLogic Server y WebLogic Express de 6.1 a 10.0 permite a atacantes remotos evitar la autentificación para servlets de aplicación a través de cabeceras de petición modificadas. • http://dev2dev.bea.com/pub/advisory/265 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019443 http://www.vupen.com/english/advisories/2008/0612/references • CWE-287: Improper Authentication •
CVSS: 7.9EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0897
https://notcve.org/view.php?id=CVE-2008-0897
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. Vulnerabilidad no especificada en BEA WebLogic Server de 9.0 a 10.0 permite a usuarios autentificados remotamente sin los permisos "receive (recibir)" evitar las restricciones de acceso previstas y recibir mensajes de un JMS Topic independiente o un destino de miembro Distributed Topic seguro, relacionados a subscripciones duraderas. • http://dev2dev.bea.com/pub/advisory/267 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019444 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 13EXPL: 0CVE-2008-0898
https://notcve.org/view.php?id=CVE-2008-0898
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. La característica de cola distribuida en JMS de BEA WebLogic Server de 9.0 a 10.0, en ciertas configuraciones, no manipula correctamente cuando un cliente no puede enviar un mensaje a un miembro de una cola distribuida, lo que permite a usuarios autentificados remotamente evitar las restricciones de acceso previstas para colas distribuidas protegidas. • http://dev2dev.bea.com/pub/advisory/268 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019447 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2008-0899
https://notcve.org/view.php?id=CVE-2008-0899
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la Administration Console de BEA WebLogic Server y Express de 9.0 a 10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de URLs modificados que no se manipulan correctamente por Unexpected Exception Page (Excepción de Página no Esperada). • http://dev2dev.bea.com/pub/advisory/269 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019448 http://www.vupen.com/english/advisories/2008/0612/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •