Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 7.0 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-0412
BEA WebLogic Server 6.1 up to and including 6.1 SP7, 7.0 up to and including 7.0 SP7, and 8.1 up to and including 8.1 SP5 allows remote malicious users to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
641
VMScore
CVE-2004-0652
BEA WebLogic Server and WebLogic Express 7.0 up to and including 7.0 Service Pack 4, and 8.1 up to and including 8.1 Service Pack 2, allows malicious users to obtain the username and password for booting the server by directly accessing certain internal methods.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
409
VMScore
CVE-2004-1757
BEA WebLogic Server and Express 8.1, SP1 and previous versions, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
570
VMScore
CVE-2004-0713
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remov...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2005-4705
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote malici...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2005-4749
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions allows remote malicious users to inject arbitrary HTTP headers via unspecified attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
668
VMScore
CVE-2005-4750
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP5 and previous versions, and 6.1 SP7 and previous versions allow remote malicious users to cause a denial of service (server thread hang) via unknown attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
409
VMScore
CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
694
VMScore
CVE-2007-4618
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote malicious users to cause a denial of service (disk consumption) via certain malformed HTTP headers.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.0
445
VMScore
CVE-2006-1352
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and WebLogic Server 6.1 SP7 and previous versions allow remote malicious users to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »