Filtered by vendor Bea Subscriptions
Filtered by product Weblogic Server Subscriptions
Total 151 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-0106 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
CVE-2003-0621 1 Bea 2 Tuxedo, Weblogic Server 2025-04-03 N/A
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
CVE-2001-0098 1 Bea 1 Weblogic Server 2025-04-03 N/A
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
CVE-2003-0640 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
CVE-2003-1220 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.
CVE-2003-1221 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions.
CVE-2003-0622 1 Bea 2 Tuxedo, Weblogic Server 2025-04-03 N/A
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
CVE-2000-0685 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
CVE-2003-1224 1 Bea 1 Weblogic Server 2025-04-03 N/A
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
CVE-2003-1225 1 Bea 1 Weblogic Server 2025-04-03 N/A
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
CVE-2003-1290 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
CVE-2004-0652 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
CVE-2004-0711 1 Bea 1 Weblogic Server 2025-04-03 N/A
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
CVE-2004-2321 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
CVE-2005-0432 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
CVE-2003-1222 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
CVE-2003-1223 1 Bea 1 Weblogic Server 2025-04-03 N/A
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
CVE-2002-2177 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
CVE-2000-0500 1 Bea 1 Weblogic Server 2025-04-03 N/A
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
CVE-2002-1030 1 Bea 1 Weblogic Server 2025-04-03 N/A
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.