Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-25 | CVE-2006-0427 | Multiple vulnerability in BEA Weblogic Server 8.1/9.0 Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. | 2.1 |
| 2006-01-25 | CVE-2006-0426 | Multiple vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | 7.5 |
| 2006-01-25 | CVE-2006-0425 | Multiple vulnerability in Oracle Weblogic Portal 8.1 BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. | 5.0 |
| 2006-01-25 | CVE-2006-0424 | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | 4.0 |
| 2006-01-25 | CVE-2006-0423 | Multiple vulnerability in Oracle Weblogic Portal 8.1 BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | 7.5 |
| 2006-01-25 | CVE-2006-0422 | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | 6.4 |
| 2006-01-25 | CVE-2006-0421 | Multiple vulnerability in BEA WebLogic By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | 4.6 |
| 2006-01-25 | CVE-2006-0420 | Denial-Of-Service vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." | 5.0 |
| 2006-01-25 | CVE-2006-0419 | Denial-Of-Service vulnerability in BEA Weblogic Server 7.0/8.1/9.0 BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | 6.4 |
| 2006-01-25 | CVE-2006-0381 | Remote Denial Of Service vulnerability in Freebsd 5.3/5.4/6.0 A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice. | 5.0 |