Vulnerabilities > BEA > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2003-03-24 | CVE-2003-0151 | Unspecified vulnerability in BEA Weblogic Server | BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code. | 7.5 |
2002-12-31 | CVE-2002-2142 | Unspecified vulnerability in BEA Weblogic Integration and Weblogic Server | An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension. | 7.5 |
2002-12-31 | CVE-2002-2141 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets and Enterprise JavaBeans (EJB) on more than one server, will remove the security constraints and roles on all servers for any Servlets or EJB that are used by an application that is undeployed on one server, which could allow remote attackers to conduct unauthorized activities in violation of the intended restrictions. | 7.5 |
2000-12-31 | CVE-2000-1238 | Unspecified vulnerability in BEA Weblogic Server 5.1 | BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | 7.5 |
2000-06-08 | CVE-2000-0499 | Improper Handling of Case Sensitivity vulnerability in BEA Weblogic Server | The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |