Vulnerabilities > BEA > Weblogic Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-22 | CVE-2008-0901 | Information Exposure vulnerability in multiple products BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | 7.1 |
| 2008-02-22 | CVE-2008-0897 | Permissions, Privileges, and Access Controls vulnerability in BEA Weblogic Server Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. | 7.9 |
| 2007-08-31 | CVE-2007-4618 | Resource Management Errors vulnerability in BEA Weblogic Server 6.0/6.1/7.0 Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers. | 7.8 |
| 2007-08-31 | CVE-2007-4617 | Resource Management Errors vulnerability in BEA Weblogic Server Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors. | 7.8 |
| 2007-08-31 | CVE-2007-4614 | Permissions, Privileges, and Access Controls vulnerability in BEA Weblogic Server 9.1 BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426. | 7.5 |
| 2007-05-16 | CVE-2007-2699 | File-Upload vulnerability in Weblogic Server 9.0/9.1 The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. | 7.1 |
| 2007-01-23 | CVE-2007-0425 | Remote Security vulnerability in JRockit Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | 7.5 |
| 2007-01-23 | CVE-2007-0418 | Products Multiple vulnerability in BEA BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | 7.5 |
| 2007-01-23 | CVE-2007-0416 | Products Multiple vulnerability in BEA The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | 7.5 |
| 2007-01-23 | CVE-2007-0408 | Products Multiple vulnerability in BEA BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | 7.5 |