Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-0420
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote malicious users to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
445
VMScore
CVE-2007-0422
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote malicious users to cause a denial of service (server inaccessibility) via manipulated socket connections.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
Bea Weblogic Server 9.2
409
VMScore
CVE-2004-1758
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
231
VMScore
CVE-2002-2177
BEA WebLogic Server and Express 6.1 up to and including 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote malicious users to obtain sensitive information that was intended for other users.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
107
VMScore
CVE-2005-4761
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP5 and previous versions, and 6.1 SP7 and previous versions log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when th...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
668
VMScore
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 8.1
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
445
VMScore
CVE-2006-2471
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain &...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
409
VMScore
CVE-2003-1093
BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException.
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0.0.1
605
VMScore
CVE-2007-2696
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote malicious users to access protected queues via direct requests to the JMS back-end server.
Bea Weblogic Server 6.1
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
481
VMScore
CVE-2007-2704
BEA WebLogic Server 9.0 up to and including 9.2 allows remote malicious users to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Server 9.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »