Vulnerabilities > BEA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-25 | CVE-2006-0420 | Denial-Of-Service vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." | 5.0 |
| 2006-01-25 | CVE-2006-0419 | Denial-Of-Service vulnerability in BEA Weblogic Server 7.0/8.1/9.0 BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | 6.4 |
| 2005-12-31 | CVE-2005-4767 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. | 5.1 |
| 2005-12-31 | CVE-2005-4766 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic. | 5.4 |
| 2005-12-31 | CVE-2005-4760 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected." | 5.1 |
| 2005-12-31 | CVE-2005-4759 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. | 5.0 |
| 2005-12-31 | CVE-2005-4758 | Multiple vulnerability in BEA Weblogic Server 8.1 Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP. | 4.0 |
| 2005-12-31 | CVE-2005-4754 | Multiple vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation." | 5.0 |
| 2005-12-31 | CVE-2005-4753 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. | 5.0 |
| 2005-12-31 | CVE-2005-4752 | Multiple vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | 4.6 |