Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4617 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | |||||
| CVE-2007-2695 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.1 MEDIUM | N/A |
| The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | |||||
| CVE-2007-0414 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | |||||
| CVE-2007-4618 | 1 Bea | 1 Weblogic Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | |||||
| CVE-2003-1093 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | |||||
| CVE-2005-4749 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. | |||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.8 MEDIUM | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | |||||
| CVE-2005-4763 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. | |||||
| CVE-2005-4765 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.6 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection. | |||||
| CVE-2005-4754 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." | |||||
| CVE-2005-4755 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. | |||||
| CVE-2005-4760 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | |||||
| CVE-2004-2424 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. | |||||
| CVE-2003-1225 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. | |||||
| CVE-2005-4767 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | |||||
| CVE-2005-1749 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | |||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.2 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | |||||
| CVE-2006-2461 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic. | |||||
| CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | |||||