Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0430 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown). | |||||
| CVE-2005-4758 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | |||||
| CVE-2003-0640 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 10.0 HIGH | N/A |
| BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges. | |||||
| CVE-2006-0419 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | |||||
| CVE-2006-1351 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. | |||||
| CVE-2005-4756 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. | |||||
| CVE-2004-2321 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. | |||||
| CVE-2006-2466 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 2.6 LOW | N/A |
| BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | |||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2025-04-03 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | |||||
| CVE-2005-1743 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2025-04-03 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions. | |||||