Vulnerabilities > BEA > Weblogic Server > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-23 | CVE-2007-0409 | Products Multiple vulnerability in BEA: BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. | 1.5 |
2006-05-19 | CVE-2006-2466 | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1: BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability." | 2.6 |
2006-01-25 | CVE-2006-0427 | Multiple vulnerability in BEA Weblogic Server 8.1/9.0: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. | 2.1 |
2006-01-25 | CVE-2006-0429 | Multiple vulnerability in BEA Weblogic Server 9.0: BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. | 2.1 |
2006-01-25 | CVE-2006-0431 | Multiple vulnerability in BEA Weblogic Server 8.1: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | 2.1 |
2006-01-25 | CVE-2006-0432 | Multiple vulnerability in BEA Weblogic Server 9.0: Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources. | 2.1 |
2005-12-31 | CVE-2005-4755 | Multiple vulnerability in BEA Weblogic Server 8.1: BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys. | 2.1 |
2005-12-31 | CVE-2005-4761 | Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1: BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. | 1.2 |
2004-12-31 | CVE-2004-2321 | Unspecified vulnerability in BEA Weblogic Server 8.1: BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. | 2.1 |
2004-07-07 | CVE-2004-0471 | Denial of Service vulnerability in BEA Weblogic Server 7.0/8.1: BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). | 2.1 |