Vulnerabilities > BEA > WebLogic Server > 6.0

DATE CVE VULNERABILITY TITLE RISK
2005-05-24 CVE-2005-1744 Incomplete Cleanup vulnerability in BEA WebLogic Server
BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 does not log out users when an application is redeployed, which allows those users to continue to access the application without having to log in again, which may be in violation of newly changed security constraints or role mappings.
network
low complexity
bea CWE-459
critical
9.8
2005-05-24 CVE-2005-1743 Remote vulnerability in BEA WebLogic Server and WebLogic Express
BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audit security exceptions.
network
low complexity
bea oracle
7.5
2005-05-24 CVE-2005-1742 Remote vulnerability in BEA WebLogic Server and WebLogic Express
BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."
network
low complexity
bea oracle
5.0
2003-12-31 CVE-2003-1438 Race Condition vulnerability in BEA WebLogic Server
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
network
bea CWE-362
4.3
2003-12-31 CVE-2003-1290 Remote Information Disclosure vulnerability in BEA WebLogic Server and WebLogic Express MBean
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
network
low complexity
bea
5.0
2003-12-01 CVE-2003-0624 Cross-Site Scripting vulnerability in BEA WebLogic Server
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
network
bea CWE-79
4.3
2003-03-24 CVE-2003-0151 Unspecified vulnerability in BEA WebLogic Server
BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code.
network
low complexity
bea
7.5
2002-12-31 CVE-2002-2142 Unspecified vulnerability in BEA WebLogic Integration and WebLogic Server
An undocumented extension for the Servlet mappings in the Servlet 2.3 specification, when upgrading to WebLogic Server and Express 7.0 Service Pack 1 from BEA WebLogic Server and Express 6.0 through 7.0.0.1, does not prepend a "/" character in certain URL patterns, which prevents the proper enforcement of role mappings and policies in applications that use the extension.
network
low complexity
bea
7.5
2002-10-04 CVE-2002-1030 Denial of Service vulnerability in BEA Systems WebLogic Server and Express Race Condition
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
network
high complexity
bea
2.6