Vulnerabilities > BEA > Weblogic Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-23 | CVE-2007-0424 | Products Multiple vulnerability in BEA Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | 5.0 |
| 2007-01-23 | CVE-2007-0422 | Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | 5.0 |
| 2007-01-23 | CVE-2007-0421 | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | 6.4 |
| 2007-01-23 | CVE-2007-0420 | Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | 5.0 |
| 2007-01-23 | CVE-2007-0419 | Products Multiple vulnerability in BEA The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). | 5.0 |
| 2007-01-23 | CVE-2007-0415 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. | 5.0 |
| 2007-01-23 | CVE-2007-0414 | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | 5.0 |
| 2007-01-23 | CVE-2007-0413 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file. local bea | 4.4 |
| 2007-01-23 | CVE-2007-0412 | Products Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | 5.0 |
| 2007-01-23 | CVE-2007-0411 | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. network bea | 6.8 |