|
Cpe Name: cpe:/a:bea:weblogic_server:9.1::express
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2008-0863 |
200 |
|
+Info |
2008-02-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. |
2 |
CVE-2007-5576 |
200 |
|
+Info |
2007-10-18 |
2018-10-30 |
6.8 |
Admin |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. |
3 |
CVE-2007-2700 |
|
|
+Info |
2007-05-15 |
2017-07-28 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information. |
4 |
CVE-2007-2699 |
|
|
|
2007-05-15 |
2019-05-28 |
7.1 |
Admin |
Remote |
High |
Single system |
Complete |
Complete |
Complete |
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. |
5 |
CVE-2007-2697 |
|
|
DoS |
2007-05-15 |
2017-07-28 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. |
Total number of vulnerabilities : 5
Page :
1
(This Page)
|
|
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE's CVE web site.
CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE's CWE web site.
OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user's risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.