Filtered by vendor Bea Subscriptions
Filtered by product Weblogic Server Subscriptions
Total 151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-0430 1 Bea 1 Weblogic Server 2025-04-03 N/A
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
CVE-2006-0431 1 Bea 1 Weblogic Server 2025-04-03 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
CVE-2006-0432 1 Bea 1 Weblogic Server 2025-04-03 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
CVE-2006-1352 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVE-2000-0683 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVE-2003-1094 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges.
CVE-2003-1095 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
CVE-2004-0471 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
CVE-2004-0713 1 Bea 1 Weblogic Server 2025-04-03 N/A
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
CVE-2004-1756 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
CVE-2005-4752 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.
CVE-2005-4757 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.
CVE-2006-0429 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
CVE-2003-0623 1 Bea 2 Tuxedo, Weblogic Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
CVE-2003-0733 1 Bea 3 Liquid Data, Weblogic Integration, Weblogic Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVE-2003-1226 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
CVE-2003-1437 6 Bea, Hp, Ibm and 3 more 8 Weblogic Server, Hp-ux, Aix and 5 more 2025-04-03 N/A
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
CVE-2000-0499 1 Bea 1 Weblogic Server 2025-04-03 7.5 High
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVE-2000-0682 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVE-2000-0685 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.