Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Weblogic_server
(Bea)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 150 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-10-04 | CVE-2002-1030 | Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. | Weblogic_server | N/A | ||
| 2002-03-25 | CVE-2002-0106 | BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. | Weblogic_server | N/A | ||
| 2001-02-12 | CVE-2001-0098 | Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | Weblogic_server | N/A | ||
| 2000-12-31 | CVE-2000-1238 | BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | Weblogic_server | N/A | ||
| 2000-10-20 | CVE-2000-0685 | BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. | Weblogic_server | N/A | ||
| 2000-10-20 | CVE-2000-0684 | BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. | Weblogic_server | N/A | ||
| 2000-10-20 | CVE-2000-0683 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. | Weblogic_server | N/A | ||
| 2000-10-20 | CVE-2000-0682 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. | Weblogic_server | N/A | ||
| 2000-10-20 | CVE-2000-0681 | Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. | Weblogic_server | N/A | ||
| 2000-06-21 | CVE-2000-0500 | The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. | Weblogic_server | N/A |