Search Results (160 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4613 1 Bea 1 Weblogic Server 2026-04-23 N/A
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
CVE-2008-0866 1 Bea 1 Weblogic Workshop 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
CVE-2008-0898 1 Bea 1 Weblogic Server 2026-04-23 N/A
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
CVE-2008-0900 2 Bea, Bea Systems 2 Weblogic Server, Weblogic Express 2026-04-23 N/A
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
CVE-2007-2694 1 Bea 1 Weblogic Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2695 1 Bea 1 Weblogic Server 2026-04-23 N/A
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
CVE-2008-0902 2 Bea, Bea Systems 2 Weblogic Server, Weblogic Server 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
CVE-2007-2698 1 Bea 1 Weblogic Server 2026-04-23 N/A
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.
CVE-2007-2701 1 Bea 1 Weblogic Server 2026-04-23 N/A
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
CVE-2007-2704 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
CVE-2007-0414 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
CVE-2007-0420 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
CVE-2007-0422 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
CVE-2007-0424 1 Bea 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
CVE-2007-0434 1 Bea 1 Aqualogic Enterprise Security 2026-04-23 N/A
BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
CVE-2007-4614 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
CVE-2007-4616 1 Bea 1 Weblogic Server 2026-04-23 N/A
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
CVE-2007-4618 1 Bea 1 Weblogic Server 2026-04-23 N/A
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
CVE-2008-3257 3 Bea, Bea Systems, Oracle 4 Weblogic Server, Apache Connector In Weblogic Server, Weblogic Server and 1 more 2026-04-23 N/A
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
CVE-2007-0408 1 Bea 1 Weblogic Server 2026-04-23 N/A
BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.