Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea weblogic server 7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4760
BEA WebLogic Server and WebLogic Express 8.1 SP3 and previous versions, and 7.0 SP5 and previous versions, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prev...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4766
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, and 7.0 SP5 and previous versions, do not encrypt multicast traffic, which might allow remote malicious users to read sensitive cluster synchronization messages by sniffing the multicast traffic.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4767
BEA WebLogic Server and WebLogic Express 8.1 SP5 and previous versions, and 7.0 SP6 and previous versions, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote malicious user...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-2462
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote malicious users to read potentially sensitive network traffic.
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4765
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions and 7.0 SP6 and previous versions, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, ...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2002-2141
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, w...
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
NA
CVE-2004-0711
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote malicious users to bypass intended access restrictions becaus...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0715
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which a...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0470
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag...
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0471
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »