Vulnerabilities > BEA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-13 | CVE-2004-1758 | Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | 4.6 |
| 2004-04-13 | CVE-2004-1756 | Unspecified vulnerability in BEA Weblogic Server 7.0/8.1 BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | 5.0 |
| 2003-12-31 | CVE-2003-1438 | Race Condition vulnerability in BEA Weblogic Server Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. | 4.3 |
| 2003-12-31 | CVE-2003-1290 | Remote Information Disclosure vulnerability in BEA WebLogic Server and WebLogic Express MBean BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI). | 5.0 |
| 2003-12-31 | CVE-2003-1223 | Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. | 5.0 |
| 2003-12-31 | CVE-2003-1222 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 8.1 BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | 5.0 |
| 2003-12-31 | CVE-2003-1221 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1 BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | 5.0 |
| 2003-12-31 | CVE-2003-1220 | Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | 5.0 |
| 2003-12-31 | CVE-2003-1093 | Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/7.0.0.1 BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | 4.6 |
| 2003-12-01 | CVE-2003-0624 | Cross-Site Scripting vulnerability in BEA Weblogic Server Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | 4.3 |