Vulnerabilities > BEA > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2003-12-01 | CVE-2003-0623 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server | Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. | 4.3 |
2003-12-01 | CVE-2003-0622 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server | The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | 5.0 |
2003-12-01 | CVE-2003-0621 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server | The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | 5.0 |
2003-10-20 | CVE-2003-0733 | Cross-Site Scripting vulnerability in Bea WebLogic/Liquid Data | Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. | 6.8 |
2003-03-18 | CVE-2003-1095 | Authentication Bypass vulnerability in BEA Weblogic Server 7.0/7.0.0.1 | BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | 4.6 |
2002-03-25 | CVE-2002-0106 | Denial of Service vulnerability in BEA Weblogic Server 6.1 | BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. | 5.0 |
2001-12-31 | CVE-2001-1477 | Local Security vulnerability in BEA Tuxedo 7.1 | The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. | 4.6 |
2000-10-20 | CVE-2000-0683 | Unspecified vulnerability in BEA Weblogic Server 5.1 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. | 5.0 |
2000-10-20 | CVE-2000-0682 | Unspecified vulnerability in BEA Weblogic Server 5.1 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. | 5.0 |
2000-06-21 | CVE-2000-0500 | Unspecified vulnerability in BEA Weblogic Server | The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | 5.0 |