Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
Max CVSS
10.0
EPSS Score
2.00%
Published
2000-10-20
Updated
2008-09-05
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
Max CVSS
10.0
EPSS Score
1.05%
Published
2000-10-20
Updated
2008-09-10
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
Max CVSS
10.0
EPSS Score
3.93%
Published
2000-10-20
Updated
2008-09-10
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Max CVSS
7.5
EPSS Score
0.43%
Published
2000-06-08
Updated
2024-01-26
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
Max CVSS
7.5
EPSS Score
0.52%
Published
2000-12-31
Updated
2017-07-11
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
Max CVSS
5.0
EPSS Score
1.52%
Published
2000-06-21
Updated
2017-10-10
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
Max CVSS
5.0
EPSS Score
0.49%
Published
2000-10-20
Updated
2008-09-05
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
Max CVSS
5.0
EPSS Score
0.49%
Published
2000-10-20
Updated
2008-09-05
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!