Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-2375
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote malicious users to affect confidentiality and inte...
Bea Weblogic Server 7.0
Bea Weblogic Server 9.0
Bea Systems Weblogic Server 10.0
Bea Weblogic Server 9.1
Bea Weblogic Server 8.1
Bea Weblogic Server 9.2
Oracle Weblogic Server 10.3.2.0.0
Oracle Weblogic Server 10.3.3.0.0
1 EDB exploit
NA
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate malicious users to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
Bea Tuxedo 8.0
Bea Weblogic Integration 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Workshop 8.1
Bea Weblogic Integration 9.2
Bea Weblogic Server 5.1
Bea Weblogic Server 9.1
Bea Tuxedo 8.1
Oracle Weblogic Portal 9.2
NA
CVE-2008-3257
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and previous versions allows remote malicious users to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /....
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
Bea Weblogic Server 4.5.2
Bea Weblogic Server 4.5.1
Bea Weblogic Server 7.0
Bea Weblogic Server 9.2
Bea Weblogic Server 8.1
Bea Weblogic Server 9.0
Bea Weblogic Server 6.0
Bea Weblogic Server 5.1
Oracle Weblogic Server
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 9.1
Bea Weblogic Server 10.0
Bea Systems Weblogic Server 10.0 Mp1
Bea Weblogic Server 4.0.4
Bea Systems Apache Connector In Weblogic Server
Bea Weblogic Server 4.0
2 EDB exploits
1 Github repository
NA
CVE-2005-4766
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not encrypt multicast traffic, which might allow remote malicious users to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
NA
CVE-2004-1756
BEA WebLogic Server and WebLogic Express 8.1 SP2 and previous versions, and 7.0 SP4 and previous versions, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote malicious users to spoof other use...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
NA
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
NA
CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote malicious users to bypass intended servlet protections.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
NA
CVE-2005-4765
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions and 7.0 SP6 and previous versions, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, ...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
NA
CVE-2007-2701
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote malicious users to bypass the security access policy and "send unauthorized...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote malicious users to bypass intended access restrictions becaus...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »