) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:bea:weblogic_server:5.1:sp10:express
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2004-2320 |
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
| CVE-2002-1030 |
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: October 04, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
| CVE-2000-0682 |
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. Published: October 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2000-0683 |
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. Published: October 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |