Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4759
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Applic...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-0420
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote malicious users to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overf...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-0421
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges th...
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
NA
CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote malicious users to bypass intended access restrictions becaus...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-0427
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
NA
CVE-2006-2464
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-2466
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote malicious users to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4753
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow malicious users to perform unauthorized actions and avoi...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »