Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 8.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-0426
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow malicious users to gain privileges.
Bea Weblogic Server 8.1
NA
CVE-2006-0431
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
Bea Weblogic Server 8.1
NA
CVE-2006-2461
BEA WebLogic Server prior to 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote malicious users to more easily read potentially sensitive network traffic.
Bea Weblogic Server 8.1
NA
CVE-2006-2546
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow malicious users to gain privileges.
Bea Weblogic Server 8.1
NA
CVE-2005-4754
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions allow remote malicious users to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."
Bea Weblogic Server 8.1
NA
CVE-2005-4755
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in clea...
Bea Weblogic Server 8.1
NA
CVE-2005-4758
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through ...
Bea Weblogic Server 8.1
NA
CVE-2004-2424
BEA WebLogic Server and WebLogic Express 8.1 up to and including 8.1 SP2 allow remote malicious users to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
Bea Weblogic Server 8.1
NA
CVE-2003-1222
BEA Weblogic Express and Server 8.0 up to and including 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow malicious users to obtain the passwo...
Bea Weblogic Server 8.1
NA
CVE-2005-1380
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote malicious users to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
Bea Weblogic Server 8.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »