BEA Systems WebLogic Server 5.1 SP6

CPE Details

BEA Systems WebLogic Server 5.1 SP6
bea
weblogic_server
5.1
2007-08-23
19h16 +00:00
2008-04-07
11h42 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*

Informations

Vendor

bea

Product

weblogic_server

Version

5.1

Update

sp6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2008-3257 2008-07-22 14h00 +00:00 Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
10
CVE-2003-1438 2007-10-22 23h00 +00:00 Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
4.3
CVE-2007-0409 2007-01-22 23h00 +00:00 BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
1.5
CVE-2007-0414 2007-01-22 23h00 +00:00 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
5
CVE-2007-0418 2007-01-22 23h00 +00:00 BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
7.5
CVE-2007-0419 2007-01-22 23h00 +00:00 The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5
CVE-2007-0424 2007-01-22 23h00 +00:00 Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
5
CVE-2000-1238 2005-11-16 20h17 +00:00 BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
7.5
CVE-2004-2320 2005-08-16 02h00 +00:00 The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
5.8
CVE-2005-1744 2005-05-24 02h00 +00:00 BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
9.8
Critique
CVE-2003-0624 2003-11-05 04h00 +00:00 Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
4.3
CVE-2003-0733 2003-09-04 02h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
6.8
CVE-2003-0640 2003-08-02 02h00 +00:00 BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
10
CVE-2002-1030 2003-04-02 03h00 +00:00 Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
2.6
CVE-2000-0500 2000-10-13 02h00 +00:00 The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
5
CVE-2000-0682 2000-10-13 02h00 +00:00 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
5
CVE-2000-0683 2000-10-13 02h00 +00:00 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
5