Vulnerabilities > BEA > Medium

DATE CVE VULNERABILITY TITLE RISK
2003-12-01 CVE-2003-0623 Unspecified vulnerability in BEA Tuxedo and WebLogic Server
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
network
bea
4.3
2003-12-01 CVE-2003-0622 Unspecified vulnerability in BEA Tuxedo and WebLogic Server
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX.
network
low complexity
bea
5.0
2003-12-01 CVE-2003-0621 Unspecified vulnerability in BEA Tuxedo and WebLogic Server
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument.
network
low complexity
bea
5.0
2003-10-20 CVE-2003-0733 Cross-Site Scripting vulnerability in BEA WebLogic/Liquid Data
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
network
bea
6.8
2003-03-18 CVE-2003-1095 Authentication Bypass vulnerability in BEA WebLogic Server 7.0/7.0.0.1
BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate.
local
low complexity
bea
4.6
2002-03-25 CVE-2002-0106 Denial of Service vulnerability in BEA WebLogic Server 6.1
BEA Systems WebLogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
network
low complexity
bea
5.0
2001-12-31 CVE-2001-1477 Local Security vulnerability in BEA Tuxedo 7.1
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
local
low complexity
bea
4.6
2000-10-20 CVE-2000-0683 Unspecified vulnerability in BEA WebLogic Server 5.1
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
network
low complexity
bea
5.0
2000-10-20 CVE-2000-0682 Unspecified vulnerability in BEA WebLogic Server 5.1
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
network
low complexity
bea
5.0
2000-06-21 CVE-2000-0500 Unspecified vulnerability in BEA WebLogic Server
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
network
low complexity
bea
5.0