Bea

Weblogic Server

149 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2003-0624

Exploit
  • EPSS 3.46%
  • Published 01.12.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

6.8

CVE-2003-0733

  • EPSS 0.97%
  • Published 20.10.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via...

10

CVE-2003-0640

  • EPSS 0.65%
  • Published 27.08.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.

7.5

CVE-2003-0151

  • EPSS 4.73%
  • Published 24.03.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.

4.6

CVE-2003-1095

  • EPSS 0.13%
  • Published 18.03.2003 05:00:00
  • Last modified 03.04.2025 01:03:51

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access ...

7.5

CVE-2002-2141

  • EPSS 0.72%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that ...

7.5

CVE-2002-2142

  • EPSS 0.51%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certai...

2.6

CVE-2002-2177

  • EPSS 0.32%
  • Published 31.12.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for ...

2.6

CVE-2002-1030

  • EPSS 0.68%
  • Published 04.10.2002 04:00:00
  • Last modified 03.04.2025 01:03:51

Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.

5

CVE-2002-0106

  • EPSS 6.04%
  • Published 25.03.2002 05:00:00
  • Last modified 03.04.2025 01:03:51

BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.