Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 7.0 vulnerabilities and exploits
(subscribe to this query)
676
VMScore
CVE-2005-4765
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions and 7.0 SP6 and previous versions, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
454
VMScore
CVE-2005-4767
BEA WebLogic Server and WebLogic Express 8.1 SP5 and previous versions, and 7.0 SP6 and previous versions, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote malicious user...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
668
VMScore
CVE-2004-0470
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
668
VMScore
CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote malicious users to bypass intended access restrictions becaus...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
454
VMScore
CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2004-1756
BEA WebLogic Server and WebLogic Express 8.1 SP2 and previous versions, and 7.0 SP4 and previous versions, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote malicious users to spoof other use...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2006-0420
BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote malicious users to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overf...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2005-0432
BEA WebLogic Server 7.0 Service Pack 5 and previous versions, and 8.1 Service Pack 3 and previous versions, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote malicious users to guess passwords via brute force a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
409
VMScore
CVE-2005-4752
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
445
VMScore
CVE-2005-4753
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP6 and previous versions, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow malicious users to perform unauthorized actions and avoi...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »