Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 5.1 vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2004-2320
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and previous versions, 7.0 SP4 and previous versions, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote malicious users to steal information using cross-site tracin...
Bea Weblogic Server 5.1
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
231
VMScore
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote malicious users to cause a denial of service (crash) via a flood of data and connections.
Bea Weblogic Server 5.1
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
505
VMScore
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote malicious user to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Bea Weblogic Server 5.1
Bea Weblogic Server 4.0
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
1 EDB exploit
383
VMScore
CVE-2003-1438
Race condition in BEA WebLogic Server and Express 5.1 up to and including 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended f...
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 5.1
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
605
VMScore
CVE-2003-0733
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 up to and including 7.0, allow remote malicious users to execute arbitrary web script and steal authentication credentials via (1) a forwa...
Bea Liquid Data 1.1
Bea Weblogic Integration 2.0
Bea Weblogic Integration 7.0
Bea Weblogic Server 5.1
Bea Weblogic Server 7.0
1000
VMScore
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 5.1
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Weblogic Server 6.0
Bea Weblogic Server 9.2
Bea Weblogic Server 4.0
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.5
Bea Systems Weblogic Server 10.0 Mp1
Oracle Weblogic Server
2 EDB exploits
1 Github repository
605
VMScore
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Bea Weblogic Integration 8.1
Bea Weblogic Integration 9.2
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Server 9.0
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Oracle Weblogic Portal 9.2
Bea Weblogic Server 5.1
445
VMScore
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
505
VMScore
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Weblogic Server 5.1
Bea Weblogic Server 4.2
Bea Weblogic Server 5.0.1
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Tuxedo 8.1
1 EDB exploit
383
VMScore
CVE-2003-0623
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to inject arbitrary web script via the INIFILE argument.
Bea Tuxedo 8.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Tuxedo 7.1
Bea Tuxedo 8.0
Bea Weblogic Server 5.0.1
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »