CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2007-0408
https://notcve.org/view.php?id=CVE-2007-0408
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. BEA Weblogic Server 8.1 hasta 8.1 SP4 no valida adecuadamente certificados cliente al reutilizar conexiones cacheadas, lo cual permite a atacantes remotos obtener acceso mediante un certificado X.509 que no es de confianza. • http://dev2dev.bea.com/pub/advisory/202 http://osvdb.org/38500 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017519 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0415
https://notcve.org/view.php?id=CVE-2007-0415
BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. BEA WebLogic Server 8.1 hasta 8.1 SP5 no fuerza adecuadamente el control de acceso tras una actualización dinámica y un redespliegue dinámico de una aplicación que está implementada a través de jars expandidos, lo cual permite a los atacantes evitar las restricciones de acceso pretendidas. • http://dev2dev.bea.com/pub/advisory/209 http://osvdb.org/38509 http://secunia.com/advisories/23750 http://securitytracker.com/id?1017525 http://www.securityfocus.com/bid/22082 http://www.vupen.com/english/advisories/2007/0213 •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2006-2469
https://notcve.org/view.php?id=CVE-2006-2469
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/189 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016098 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26463 •
CVSS: 5.0EPSS: 1%CPEs: 40EXPL: 0CVE-2006-2471
https://notcve.org/view.php?id=CVE-2006-2471
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. • http://dev2dev.bea.com/pub/advisory/187 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016096 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26465 •
CVSS: 4.0EPSS: 0%CPEs: 17EXPL: 0CVE-2006-2467
https://notcve.org/view.php?id=CVE-2006-2467
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address. • http://dev2dev.bea.com/pub/advisory/191 http://secunia.com/advisories/20130 http://securitytracker.com/id?1016097 http://securitytracker.com/id?1016099 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26462 •