Filtered by vendor Bea Subscriptions
Filtered by product Weblogic Server Subscriptions
Total 150 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-0426 1 Bea 1 Weblogic Server 2024-08-07 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges.
CVE-2006-0431 1 Bea 1 Weblogic Server 2024-08-07 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
CVE-2006-0421 1 Bea 1 Weblogic Server 2024-08-07 N/A
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended.
CVE-2006-0419 1 Bea 1 Weblogic Server 2024-08-07 N/A
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
CVE-2006-0422 1 Bea 1 Weblogic Server 2024-08-07 N/A
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
CVE-2006-0424 1 Bea 1 Weblogic Server 2024-08-07 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information.
CVE-2007-5576 2 Bea, Oracle 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more 2024-08-07 N/A
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
CVE-2007-4613 1 Bea 1 Weblogic Server 2024-08-07 N/A
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
CVE-2007-4617 1 Bea 1 Weblogic Server 2024-08-07 N/A
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
CVE-2007-4618 1 Bea 1 Weblogic Server 2024-08-07 N/A
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
CVE-2007-4616 1 Bea 1 Weblogic Server 2024-08-07 N/A
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
CVE-2007-4615 1 Bea 1 Weblogic Server 2024-08-07 N/A
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
CVE-2007-4614 1 Bea 1 Weblogic Server 2024-08-07 N/A
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
CVE-2007-2695 1 Bea 1 Weblogic Server 2024-08-07 N/A
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
CVE-2007-2701 1 Bea 1 Weblogic Server 2024-08-07 N/A
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
CVE-2007-2699 1 Bea 1 Weblogic Server 2024-08-07 N/A
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
CVE-2007-2696 1 Bea 1 Weblogic Server 2024-08-07 N/A
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
CVE-2007-2697 1 Bea 1 Weblogic Server 2024-08-07 N/A
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
CVE-2007-2704 1 Bea 1 Weblogic Server 2024-08-07 N/A
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
CVE-2007-2694 1 Bea 1 Weblogic Server 2024-08-07 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.