Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2005-1743
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
Oracle Weblogic Portal 8.0
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-1744
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constra...
Bea Weblogic Server
7.5
CVSSv2
CVE-2004-1755
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and previous versions, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
7.5
CVSSv2
CVE-2004-0204
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows ...
Bea Weblogic Server 8.1
Businessobjects Crystal Reports 10
Businessobjects Crystal Reports 9
Businessobjects Crystal Enterprise Java Sdk 8.5
Businessobjects Crystal Enterprise Ras 8.5
Borland Software J Builder
Microsoft Business Solutions Crm 1.2
Microsoft Outlook 2003
Businessobjects Crystal Enterprise 10
Businessobjects Crystal Enterprise 9
Microsoft Visual Studio .net 2003
1 EDB exploit
7.5
CVSSv2
CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote malicious users to bypass intended access restrictions becaus...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2004-0470
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2003-0151
BEA WebLogic Server and Express 6.0 up to and including 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote malicious users to read arbitrary files or execute arbitrary code.
Bea Weblogic Server 6.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
7.5
CVSSv2
CVE-2002-2141
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, w...
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
7.5
CVSSv2
CVE-2002-2142
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 up to and including 7.0.0.1, does not prepend a "/" character in certain URL pa...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Integration 7.0
Bea Weblogic Server 6.0
7.5
CVSSv2
CVE-2000-1238
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote malicious users to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
Bea Weblogic Server 5.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »