Vulnerabilities > BEA > Weblogic Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1222 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 8.1 BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | 5.0 |
| 2003-12-31 | CVE-2003-1221 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1 BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | 5.0 |
| 2003-12-31 | CVE-2003-1220 | Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | 5.0 |
| 2003-12-31 | CVE-2003-1093 | Unspecified vulnerability in BEA Weblogic Server 6.1/7.0/7.0.0.1 BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException. | 4.6 |
| 2003-12-01 | CVE-2003-0624 | Cross-Site Scripting vulnerability in BEA Weblogic Server Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. | 4.3 |
| 2003-12-01 | CVE-2003-0623 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument. network bea | 4.3 |
| 2003-12-01 | CVE-2003-0622 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX. | 5.0 |
| 2003-12-01 | CVE-2003-0621 | Unspecified vulnerability in BEA Tuxedo and Weblogic Server The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument. | 5.0 |
| 2003-10-20 | CVE-2003-0733 | Cross-Site Scripting vulnerability in Bea WebLogic/Liquid Data Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. network bea | 6.8 |
| 2003-03-18 | CVE-2003-1095 | Authentication Bypass vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate. | 4.6 |