bea weblogic server 3.1.8 vulnerabilities and exploits

(subscribe to this query)

NA

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and previous versions allows remote malicious users to inject malicious web script via the person parameter.

Bea Weblogic Server Bea Weblogic Server 3.1.8

1 EDB exploit

NA

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote malicious users to compile and execute Java JSP code by directly invoking the servlet on any source file.

Bea Weblogic Server 3.1.8 Bea Weblogic Server 4.5.1 Bea Weblogic Server 4.0.4

1 EDB exploit

NA

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote malicious users to compile and execute Java JHTML code by directly invoking the servlet on any source file.

Bea Weblogic Server 3.1.8 Bea Weblogic Server 4.0.4 Bea Weblogic Server 4.5.1

1 EDB exploit

NA

The default configuration of BEA WebLogic 5.1.0 allows a remote malicious user to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

Bea Weblogic Server 5.1 Bea Weblogic Server 4.0 Bea Weblogic Server 3.1.8 Bea Weblogic Server 4.5

1 EDB exploit

7.5

CVSSv3

The default configuration of BEA WebLogic 3.1.8 up to and including 4.5.1 allows a remote malicious user to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Bea Weblogic Server

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook