Oracle » Weblogic Server : Security Vulnerabilities, CVEs,
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors.
Max CVSS
4.4
EPSS Score
0.06%
Published
2008-07-15
Updated
2021-04-21
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors.
Max CVSS
4.6
EPSS Score
0.24%
Published
2008-07-15
Updated
2022-09-12
Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.
Max CVSS
4.3
EPSS Score
0.08%
Published
2008-07-15
Updated
2022-09-12
Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.61%
Published
2008-07-15
Updated
2020-10-14
CVE-2008-3257
Public exploit
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Max CVSS
10.0
EPSS Score
93.27%
Published
2008-07-22
Updated
2017-09-29
Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
10.0
EPSS Score
11.14%
Published
2010-04-14
Updated
2021-04-21
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
Max CVSS
6.4
EPSS Score
0.36%
Published
2010-07-13
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 7.0.7, 8.1.6, 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect integrity via unknown vectors related to Servlet Container.
Max CVSS
4.3
EPSS Score
0.44%
Published
2011-01-19
Updated
2018-10-30
CVE-2015-4852
Known exploited
Public exploit
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Max CVSS
9.8
EPSS Score
96.88%
Published
2015-11-18
Updated
2023-12-21
CISA KEV Added
2021-11-03
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Max CVSS
6.1
EPSS Score
0.66%
Published
2018-01-18
Updated
2021-01-08
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Coherence Container.
Max CVSS
7.5
EPSS Score
0.92%
Published
2016-01-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Java Messaging Service.
Max CVSS
7.5
EPSS Score
2.23%
Published
2016-01-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0577.
Max CVSS
7.5
EPSS Score
2.23%
Published
2016-01-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0574.
Max CVSS
7.5
EPSS Score
2.23%
Published
2016-01-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service.
Max CVSS
9.8
EPSS Score
7.16%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0700.
Max CVSS
6.1
EPSS Score
0.29%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.
Max CVSS
3.7
EPSS Score
0.27%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console.
Max CVSS
6.4
EPSS Score
0.33%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0675.
Max CVSS
6.1
EPSS Score
0.29%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console.
Max CVSS
6.1
EPSS Score
0.29%
Published
2016-04-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.
Max CVSS
5.3
EPSS Score
0.16%
Published
2016-07-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.
Max CVSS
10.0
EPSS Score
1.84%
Published
2016-07-21
Updated
2018-10-30
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.
Max CVSS
9.0
EPSS Score
0.38%
Published
2016-10-25
Updated
2018-10-30
CVE-2016-3510
Public exploit
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
Max CVSS
10.0
EPSS Score
4.41%
Published
2016-07-21
Updated
2019-04-01
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack.
Max CVSS
10.0
EPSS Score
1.24%
Published
2016-10-25
Updated
2017-07-29