Vulnerabilities > BEA > Weblogic Server > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1224 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. | 2.1 |
| 2003-12-31 | CVE-2003-1225 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. | 2.1 |
| 2003-12-31 | CVE-2003-1226 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | 2.1 |
| 2003-12-31 | CVE-2003-1437 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | 2.1 |
| 2002-12-31 | CVE-2002-2177 | Information Disclosure vulnerability in BEA Weblogic Server 6.1/7.0/7.0.0.1 BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other users. | 2.6 |
| 2002-10-04 | CVE-2002-1030 | Denial of Service vulnerability in BEA Systems WebLogic Server and Express Race Condition Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | 2.6 |