Bea Weblogic_server

150 CVEs affecting Bea Weblogic_server. Latest disclosed: 2010-07-13. Critical: 1, High: 1.

Top CVEs affecting Bea Weblogic_server
CVESeverityScorePublishedSummary
CVE-2005-1744Critical9.82005-05-24BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to conti…
CVE-2000-0499High7.52000-06-08The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides…
CVE-2004-2320Medium5.32004-12-31The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HT…
CVE-2010-23752010-07-13Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7…
CVE-2008-32572008-07-22Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers…
CVE-2008-09022008-02-22Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web scri…
CVE-2008-09012008-02-22BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been a…
CVE-2008-09002008-02-22Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack we…
CVE-2008-08992008-02-22Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject ar…
CVE-2008-08982008-02-22The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a m…
CVE-2008-08972008-02-22Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access res…
CVE-2008-08952008-02-22BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
CVE-2008-08692008-02-21Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject…
CVE-2008-08632008-02-21BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive in…
CVE-2007-55762007-10-18BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate a…
CVE-2007-46182007-08-31Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consu…
CVE-2007-46172007-08-31Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial…
CVE-2007-46162007-08-31The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the…
CVE-2007-46152007-08-31The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher w…
CVE-2007-46142007-08-31BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which…