CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2018-3213
https://notcve.org/view.php?id=CVE-2018-3213
17 Oct 2018 — Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confident... • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html •
CVSS: 10.0EPSS: 78%CPEs: 72EXPL: 2CVE-2008-3257 – Bea Weblogic Apache Connector - Code Execution / Denial of Service
https://notcve.org/view.php?id=CVE-2008-3257
22 Jul 2008 — Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Desbordamiento de búfer basado en pila en Apache Connector (mod_wl) en Oracle WebLogic Server (anteriormente BEA Weblogic Server) 10.3 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de una cade... • https://www.exploit-db.com/exploits/6089 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0903
https://notcve.org/view.php?id=CVE-2008-0903
22 Feb 2008 — Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. Vulnerabilidad no especificada en el plugin BEA WebLogic Server y Express proxy, como se distribuyó antes de Noviembre de 2007 y antes de 9.2 MP3 y 10.0 MP2, permite a atacantes remotos provocar una denegación de servicio (caída del servidor web) a través de un URL manipul... • http://dev2dev.bea.com/pub/advisory/275 •
CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2007-5576
https://notcve.org/view.php?id=CVE-2007-5576
18 Oct 2007 — BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. BEA Tuxedo 8.0 anterior al RP392 y el 8.1 anterior al RP293 y el WebLogic Enterprise 5.1 anterior al RP174, muestra la contraseña en texto claro, lo que permite a atacantes físicamente próximos obtener información sensible a través de los comandos (1) c... • http://dev2dev.bea.com/pub/advisory/226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2007-4613
https://notcve.org/view.php?id=CVE-2007-4613
31 Aug 2007 — SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. Librería SSL en el BEA WebLogic Server 6.1 Gold hasta el SP7, 7.0 Gold hasta el SP7 y el 8.1 Gold hasta el SP5, pueden permitir a atacantes remotos la obtención de texto plano de ... • http://dev2dev.bea.com/pub/advisory/201 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2007-4615
https://notcve.org/view.php?id=CVE-2007-4615
31 Aug 2007 — The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. La implementación del cliente SSL en el BEA WebLogic Server 7.0 SP7, el 8.1 SP2 hasta el SP6, el 9.0, el 9.1, el 9.2 Gold hasta el MP2 y el 10.0, selecciona algunas veces una clave nula cuando otras están habilitadas, lo que puede permitir a atacantes remotos int... • http://dev2dev.bea.com/pub/advisory/244 •
CVSS: 7.8EPSS: 1%CPEs: 21EXPL: 0CVE-2007-4617
https://notcve.org/view.php?id=CVE-2007-4617
31 Aug 2007 — Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. Vulnerabilidad sin especificar en el BEA WebLogic Server 6.1 Gold hasta el SP7, el 7.0 Gold hasta el SP7 y el 8.1 Gold hasta el SP4 permite a atacantes remotos provocar una denegación de servicio (cuelgue del hilo del servidor) a través de vectores sin especificar. • http://dev2dev.bea.com/pub/advisory/246 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 16EXPL: 0CVE-2007-4618
https://notcve.org/view.php?id=CVE-2007-4618
31 Aug 2007 — Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. Vulnerabilidad sin especificar en el BEA WebLogic Server 6.1 Gold hata el SP7 y el 7.0 Gold hasta el SP7, permite a atacantes remotos provocar una denegación de servicio (agotamiento de disco) a través de ciertas cabeceras HTTP malformadas. • http://dev2dev.bea.com/pub/advisory/247 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0408
https://notcve.org/view.php?id=CVE-2007-0408
23 Jan 2007 — BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. BEA Weblogic Server 8.1 hasta 8.1 SP4 no valida adecuadamente certificados cliente al reutilizar conexiones cacheadas, lo cual permite a atacantes remotos obtener acceso mediante un certificado X.509 que no es de confianza. • http://dev2dev.bea.com/pub/advisory/202 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2007-0409
https://notcve.org/view.php?id=CVE-2007-0409
23 Jan 2007 — BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. BEA WebLogic 7.0 hasta 7.0 SP6, 8.1 hasta 8.1 SP4, y 9.0 lanzamiento inicial no encripta las contraseñas almacenadas en JDBCDataSourceFactory MBean Properties, lo cual permite a usuarios administrativos locales leer las contraseñas en texto plano. • http://dev2dev.bea.com/pub/advisory/203 •