CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3213
https://notcve.org/view.php?id=CVE-2018-3213
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105633 http://www.securitytracker.com/id/1041896 https://www.tenable.com/security/research/tra-2018-32 •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2010-4453
https://notcve.org/view.php?id=CVE-2010-4453
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container. Vulnerabilidad no especificada en el componente Oracle WebLogic Server para Oracle Fusion Middleware v7.0.7, v8.1.6, v9.0, v9.1, v9.2.4, v10.0.2, v10.3.2, y v10.3.3 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados Servlet Container. • http://osvdb.org/70584 http://secunia.com/advisories/42975 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45877 http://www.securitytracker.com/id?1024981 http://www.vupen.com/english/advisories/2011/0143 https://exchange.xforce.ibmcloud.com/vulnerabilities/64766 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 1CVE-2010-2375 – Oracle WebLogic Server 10.3.3 - Encoded URL
https://notcve.org/view.php?id=CVE-2010-2375
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. Paquete/Privilegio: Plugins para Apache, Sun y servicios web IIS, vulnerabilidad no especificada en el componente WebLogic Server de Oracle Fusion Middleware v7.0 SP7, v8.1 SP6, v9.0, v9.1, v9.2 MP3, v10.0 MP2, v10.3.2 y v10.3.3, permite a atacantes remotos afectar la confidencialidad e integridad, relacionado con IIS. • https://www.exploit-db.com/exploits/34312 http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 10.0EPSS: 8%CPEs: 7EXPL: 0CVE-2010-0073
https://notcve.org/view.php?id=CVE-2010-0073
Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el WebLogic Server en Oracle WebLogic Server v7.0 SP7,v8.1 SP6, v9.0, v9.1, v9.2 MP3, v10.0 MP2, y v10.3.2, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://secunia.com/advisories/39439 http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://www.vupen.com/english/advisories/2010/0216 •
CVSS: 10.0EPSS: 94%CPEs: 72EXPL: 2CVE-2008-3257 – Bea Weblogic Apache Connector - Code Execution / Denial of Service
https://notcve.org/view.php?id=CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Desbordamiento de búfer basado en pila en Apache Connector (mod_wl) en Oracle WebLogic Server (anteriormente BEA Weblogic Server) 10.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una cadena larga HTTP, como se ha demostrado mediante una cadena después del "POST /.jsp" en una petición HTTP. NOTA: es probable que esta vulnerabilidad se solape con el CVE-2008-2579 u otra vulnerabilidad revelada en los avisos de Oracle CPUJul2008. • https://www.exploit-db.com/exploits/6089 https://www.exploit-db.com/exploits/18897 http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html http://secunia.com/advisories/31146 http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html http://www.kb.cert.org/vuls/id/716387 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html http://www.securityfocus.com& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •