Vulnerabilities > BEA > Weblogic Server > 6.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-22 | CVE-2008-3257 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | 10.0 |
2007-08-31 | CVE-2007-4618 | Resource Management Errors vulnerability in BEA Weblogic Server 6.0/6.1/7.0 Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | 7.8 |
2007-08-31 | CVE-2007-4617 | Resource Management Errors vulnerability in BEA Weblogic Server Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | 7.8 |
2007-08-31 | CVE-2007-4613 | Cryptographic Issues vulnerability in BEA Weblogic Server SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | 6.8 |
2006-05-19 | CVE-2006-2469 | Remote Security vulnerability in Weblogic Server The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. | 7.5 |
2005-05-24 | CVE-2005-1749 | Remote vulnerability in BEA WebLogic Server and WebLogic Express Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | 5.0 |
2005-05-24 | CVE-2005-1748 | Remote vulnerability in BEA WebLogic Server and WebLogic Express The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service. | 5.0 |
2005-05-24 | CVE-2005-1747 | Remote vulnerability in BEA WebLogic Server and WebLogic Express Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. | 6.8 |
2005-05-24 | CVE-2005-1746 | Remote vulnerability in BEA WebLogic Server and WebLogic Express The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. | 5.0 |
2005-05-24 | CVE-2005-1745 | Remote vulnerability in BEA WebLogic Server and WebLogic Express The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password. | 4.6 |