BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."
Max CVSS: 2.6 | EPSS Score: 0.64% | Published: 2006-05-19 | Updated: 2017-07-20
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2006-01-25 | Updated: 2017-07-20
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2006-01-25 | Updated: 2017-07-20
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2006-01-25 | Updated: 2017-07-20
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2006-01-25 | Updated: 2017-07-20
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-12-31 | Updated: 2018-09-27
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2004-12-31 | Updated: 2017-07-11
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown).
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2004-07-07 | Updated: 2017-07-11
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-12-31 | Updated: 2018-10-30
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-12-31 | Updated: 2008-09-10
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-12-31 | Updated: 2008-09-10
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-12-31 | Updated: 2008-09-10
BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users.
Max CVSS: 2.6 | EPSS Score: 0.38% | Published: 2002-12-31 | Updated: 2008-09-10
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
Max CVSS: 2.6 | EPSS Score: 0.79% | Published: 2002-10-04 | Updated: 2008-09-05
14 vulnerabilities found