Search Results (Refine Search)
- CPE Product Version: cpe:/a:bea:weblogic_server:5.1:sp3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3257 |
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: July 22, 2008; 12:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-2320 |
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2002-1030 |
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: October 04, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2000-1238 |
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. Published: December 31, 2000; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2000-0682 |
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. Published: October 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2000-0683 |
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. Published: October 20, 2000; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |