Filtered by vendor Bea
Subscriptions
Total
159 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-0430 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown). | ||||
CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | ||||
CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | ||||
CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | ||||
CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | ||||
CVE-2006-0422 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | ||||
CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | ||||
CVE-2007-6384 | 1 Bea | 1 Weblogic Mobility Server | 2024-08-07 | N/A |
Unspecified vulnerability in the Image Converter functionality in BEA WebLogic Mobility Server 3.3, 3.5, and 3.6 through 3.6 SP1 allows remote attackers to obtain application file and resource access via unspecified vectors. | ||||
CVE-2007-6197 | 1 Bea | 1 Aqualogic Interaction | 2024-08-07 | N/A |
The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows remote attackers to obtain version numbers and internal hostnames by reading comments in the HTML source of any page. | ||||
CVE-2007-6198 | 1 Bea | 1 Aqualogic Interaction | 2024-08-07 | N/A |
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter. | ||||
CVE-2007-5576 | 2 Bea, Oracle | 5 Tuxedo, Weblogic Integration, Weblogic Server and 2 more | 2024-08-07 | N/A |
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. | ||||
CVE-2007-4613 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | ||||
CVE-2007-4617 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | ||||
CVE-2007-4618 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | ||||
CVE-2007-4616 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. | ||||
CVE-2007-4615 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. | ||||
CVE-2007-4614 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | ||||
CVE-2007-2695 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | ||||
CVE-2007-2701 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." | ||||
CVE-2007-2699 | 1 Bea | 1 Weblogic Server | 2024-08-07 | N/A |
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. |