Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2000-0684
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote malicious users to compile and execute Java JSP code by directly invoking the servlet on any source file.
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5.1
Bea Weblogic Server 4.0.4
1 EDB exploit
10
CVSSv2
CVE-2000-0685
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote malicious users to compile and execute Java JHTML code by directly invoking the servlet on any source file.
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.0.4
Bea Weblogic Server 4.5.1
1 EDB exploit
5
CVSSv2
CVE-2007-0412
BEA WebLogic Server 6.1 up to and including 6.1 SP7, 7.0 up to and including 7.0 SP7, and 8.1 up to and including 8.1 SP5 allows remote malicious users to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
5
CVSSv2
CVE-2007-0420
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote malicious users to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
5
CVSSv2
CVE-2007-0422
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote malicious users to cause a denial of service (server inaccessibility) via manipulated socket connections.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
5
CVSSv2
CVE-2005-4749
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions allows remote malicious users to inject arbitrary HTTP headers via unspecified attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.5
CVSSv2
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
7.2
CVSSv2
CVE-2004-0652
BEA WebLogic Server and WebLogic Express 7.0 up to and including 7.0 Service Pack 4, and 8.1 up to and including 8.1 Service Pack 2, allows malicious users to obtain the username and password for booting the server by directly accessing certain internal methods.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
6.4
CVSSv2
CVE-2004-0713
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remov...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
6.8
CVSSv2
CVE-2007-2696
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote malicious users to access protected queues via direct requests to the JMS back-end server.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »