
CVE-2005-1748
https://notcve.org/view.php?id=CVE-2005-1748
24 May 2005 — The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. • http://dev2dev.bea.com/pub/advisory/131 •

CVE-2005-1749
https://notcve.org/view.php?id=CVE-2005-1749
24 May 2005 — Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). • http://dev2dev.bea.com/pub/advisory/132 •

CVE-2005-1380 – BEA WebLogic Server 8.1 / WebLogic Express Administration Console - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-1380
02 May 2005 — Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. • https://www.exploit-db.com/exploits/25546 •

CVE-2005-0432
https://notcve.org/view.php?id=CVE-2005-0432
15 Feb 2005 — BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA05-74.00.jsp •

CVE-2004-1757
https://notcve.org/view.php?id=CVE-2004-1757
31 Dec 2004 — BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_50.00.jsp •

CVE-2004-2320 – Micro Focus Security Bulletin MFSBGN03812 1
https://notcve.org/view.php?id=CVE-2004-2320
31 Dec 2004 — The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. A potential security vulnerability has been identified in Micro Focus Application Performance Management. The vulnerability could be remotely exploited to remote cross-site tracing ... • http://dev2dev.bea.com/pub/advisory/68 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2004-2321
https://notcve.org/view.php?id=CVE-2004-2321
31 Dec 2004 — BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. • http://dev2dev.bea.com/pub/advisory/1 •

CVE-2004-2424
https://notcve.org/view.php?id=CVE-2004-2424
31 Dec 2004 — BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. • http://dev2dev.bea.com/pub/advisory/7 •

CVE-2004-2696
https://notcve.org/view.php?id=CVE-2004-2696
31 Dec 2004 — BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), do not properly handle multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. • http://dev2dev.bea.com/pub/advisory/59 • CWE-255: Credentials Management Errors •

CVE-2004-0711
https://notcve.org/view.php?id=CVE-2004-0711
21 Jul 2004 — The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp •