Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2000-0685
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote malicious users to compile and execute Java JHTML code by directly invoking the servlet on any source file.
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.0.4
Bea Weblogic Server 4.5.1
1 EDB exploit
7.5
CVSSv2
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a ...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
5
CVSSv2
CVE-2006-2471
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain &...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
5
CVSSv2
CVE-2006-1352
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and WebLogic Server 6.1 SP7 and previous versions allow remote malicious users to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
6.8
CVSSv2
CVE-2003-0733
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 up to and including 7.0, allow remote malicious users to execute arbitrary web script and steal authentication credentials via (1) a forwa...
Bea Liquid Data 1.1
Bea Weblogic Integration 2.0
Bea Weblogic Integration 7.0
Bea Weblogic Server 5.1
Bea Weblogic Server 7.0
7.5
CVSSv2
CVE-2007-0425
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 up to and including 8.1 SP5, and JRockit 1.4.2 R4.5 and previous versions, allows malicious users to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow...
Bea Weblogic Server 8.1
Bea Jrockit
Bea Weblogic Server
7.5
CVSSv2
CVE-2007-6384
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 up to and including 3.6 SP1 allows remote malicious users to obtain application file and resource access via unspecified vectors.
Bea Weblogic Mobility Server 3.5
Bea Weblogic Mobility Server 3.6
Bea Weblogic Mobility Server 3.3
7.5
CVSSv2
CVE-2007-0408
BEA Weblogic Server 8.1 up to and including 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote malicious users to obtain access via an untrusted X.509 certificate.
Bea Weblogic Server 8.1
Bea Weblogic Server
1 Github repository
4.4
CVSSv2
CVE-2007-0413
BEA WebLogic Server 8.1 up to and including 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
Bea Weblogic Server 8.1
Bea Weblogic Server
5
CVSSv2
CVE-2007-0415
BEA WebLogic Server 8.1 up to and including 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows malicious users to bypass intended access restrictions.
Bea Weblogic Server 8.1
Bea Weblogic Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »