Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4760
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prev...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4761
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP5 and previous versions, and 6.1 SP7 and previous versions log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when th...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4762
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4764
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4766
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not encrypt multicast traffic, which might allow remote malicious users to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4767
BEA WebLogic Server and WebLogic Express 8.1 SP5 and previous versions, and 7.0 SP6 and previous versions, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote malicious user...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4759
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Applic...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4765
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions and 7.0 SP6 and previous versions, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4704
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
Bea Weblogic Server 6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »