CVE-2008-0900
https://notcve.org/view.php?id=CVE-2008-0900
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Vulnerabilidad de fijación de sesión en BEA WebLogic Server y Express de 8.1 SP4 a SP6, de 9.2 a MP1 y 10.0 permite a usuarios autentificados remotamente secuestrar sesiones web a través de vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/270 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019439 http://www.vupen.com/english/advisories/2008/0612/references • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0901
https://notcve.org/view.php?id=CVE-2008-0901
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. BEA WebLogic Server y Express de 7.0 a 10.0 permite a atacantes remotos llevar a cabo ataques para adivinar contraseñas mediante fuerza bruta, incluso cuando se ha activado el cierre de cuenta, a través de URLs manipulados que indican si la contraseña supuesta es buena o no. • http://dev2dev.bea.com/pub/advisory/271 http://secunia.com/advisories/29041 http://www.s21sec.com/avisos/s21sec-040-en.txt http://www.securityfocus.com/archive/1/488686/100/0/threaded http://www.securitytracker.com/id?1019449 http://www.vupen.com/english/advisories/2008/0612/references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •
CVE-2008-0902
https://notcve.org/view.php?id=CVE-2008-0902
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en BEA WebLogic Server y Express de 6.1 a 10.0 MP1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de muestras no especificadas. NOTA: podría ser la misma vulnerabilidad que CVE-2007-2694. • http://dev2dev.bea.com/pub/advisory/273 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0903
https://notcve.org/view.php?id=CVE-2008-0903
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuyó antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegación de servicio (caída del servidor web) a través de un URL manipulado. • http://dev2dev.bea.com/pub/advisory/275 http://secunia.com/advisories/29041 http://www.securitytracker.com/id?1019450 http://www.vupen.com/english/advisories/2008/0608/references •
CVE-2007-4615
https://notcve.org/view.php?id=CVE-2007-4615
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. La implementación del cliente SSL en el BEA WebLogic Server 7.0 SP7, el 8.1 SP2 hasta el SP6, el 9.0, el 9.1, el 9.2 Gold hasta el MP2 y el 10.0, selecciona algunas veces una clave nula cuando otras están habilitadas, lo que puede permitir a atacantes remotos interceptar las comunicaciones. • http://dev2dev.bea.com/pub/advisory/244 http://secunia.com/advisories/26539 http://securitytracker.com/id?1018619 http://www.securityfocus.com/bid/25472 http://www.vupen.com/english/advisories/2007/3008 https://exchange.xforce.ibmcloud.com/vulnerabilities/36322 •