Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 8.1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0900
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
Bea Weblogic Server 8.1
Bea Weblogic Server 10.0
Bea Weblogic Server 9.2
Bea Systems Weblogic Express 10.0
Bea Systems Weblogic Express 9.2
NA
CVE-2004-1756
BEA WebLogic Server and WebLogic Express 8.1 SP2 and previous versions, and 7.0 SP4 and previous versions, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote malicious users to spoof other use...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4753
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow malicious users to perform unauthorized actions and avoi...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4756
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not properly validate derived Principals with multiple PrincipalValidators, which might allow malicious users to gain privileges.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4760
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prev...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4766
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not encrypt multicast traffic, which might allow remote malicious users to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4767
BEA WebLogic Server and WebLogic Express 8.1 SP5 and previous versions, and 7.0 SP6 and previous versions, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote malicious user...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4759
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Applic...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »