Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server vulnerabilities and exploits
(subscribe to this query)
505
VMScore
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and previous versions allows remote malicious users to determine the existence of files outside the web root via modified paths in the INIFILE argument.
Bea Tuxedo 8.0
Bea Tuxedo 7.1
Bea Weblogic Server 4.2
Bea Tuxedo 6.5
Bea Weblogic Server 5.1
Bea Tuxedo 6.3
Bea Tuxedo 6.4
Bea Tuxedo 8.1
Bea Weblogic Server 5.0.1
1 EDB exploit
505
VMScore
CVE-2002-0106
BEA Systems Weblogic Server 6.1 allows remote malicious users to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
Bea Weblogic Server 6.1
1 EDB exploit
505
VMScore
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote malicious user to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Bea Weblogic Server 5.1
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5
Bea Weblogic Server 4.0
1 EDB exploit
490
VMScore
CVE-2004-2696
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 6.1
481
VMScore
CVE-2007-2704
BEA WebLogic Server 9.0 up to and including 9.2 allows remote malicious users to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
Bea Weblogic Server 9.0
Bea Weblogic Server 9.2
Bea Weblogic Server 9.1
481
VMScore
CVE-2005-4766
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not encrypt multicast traffic, which might allow remote malicious users to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
454
VMScore
CVE-2008-4009
Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors.
Oracle Bea Product Suite 9.1
454
VMScore
CVE-2008-2581
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors related to UDDI Explorer.
Oracle Weblogic Server Component 7.0
Oracle Weblogic Server Component 8.1
Oracle Weblogic Server Component 10.0
Oracle Weblogic Server Component 9.1
Oracle Bea Product Suite 9.1
Oracle Bea Product Suite 8.1
Oracle Bea Product Suite 10.0
Oracle Bea Product Suite 7.0
Oracle Weblogic Server Component 9.0
Oracle Weblogic Server Component 9.2
Oracle Bea Product Suite 9.0
Oracle Bea Product Suite 9.2
454
VMScore
CVE-2007-2695
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote mali...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.1
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
454
VMScore
CVE-2007-2697
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote malicious users to more easily conduct brute-force atta...
Bea Weblogic Server 8.1
Bea Weblogic Server 7.0
Bea Weblogic Server 9.0
Bea Weblogic Server 9.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »