Vulnerabilities > BEA > Weblogic Server > 6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-22 | CVE-2008-3257 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | 10.0 |
| 2008-02-22 | CVE-2008-0902 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. | 4.3 |
| 2008-02-22 | CVE-2008-0895 | Improper Authentication vulnerability in BEA Weblogic Server BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. | 6.4 |
| 2007-10-18 | CVE-2007-5576 | Information Exposure vulnerability in multiple products BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. | 6.8 |
| 2007-08-31 | CVE-2007-4618 | Resource Management Errors vulnerability in BEA Weblogic Server 6.0/6.1/7.0 Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | 7.8 |
| 2007-08-31 | CVE-2007-4617 | Resource Management Errors vulnerability in BEA Weblogic Server Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | 7.8 |
| 2007-08-31 | CVE-2007-4613 | Cryptographic Issues vulnerability in BEA Weblogic Server SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461. | 6.8 |
| 2007-05-16 | CVE-2007-2696 | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1 The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. network bea | 6.8 |
| 2007-05-16 | CVE-2007-2695 | Remote Security vulnerability in Weblogic Server The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | 5.1 |
| 2007-05-16 | CVE-2007-2694 | Cross-Site Scripting vulnerability in Weblogic Server Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network bea | 4.3 |