Vulnerabilities > BEA > Weblogic Server > 6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-23 | CVE-2007-0425 | Remote Security vulnerability in JRockit Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | 7.5 |
2007-01-23 | CVE-2007-0421 | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | 6.4 |
2007-01-23 | CVE-2007-0418 | Products Multiple vulnerability in BEA BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | 7.5 |
2007-01-23 | CVE-2007-0417 | Products Multiple vulnerability in BEA BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | 10.0 |
2007-01-23 | CVE-2007-0415 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. | 5.0 |
2007-01-23 | CVE-2007-0414 | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | 5.0 |
2007-01-23 | CVE-2007-0413 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file. local bea | 4.4 |
2007-01-23 | CVE-2007-0412 | Products Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | 5.0 |
2007-01-23 | CVE-2007-0411 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. network bea | 6.8 |
2007-01-23 | CVE-2007-0409 | Products Multiple vulnerability in BEA BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. local bea | 1.5 |