
    298 vulnerabilities found for weblogic_server by bea

    CVE-2010-2375 (GCVE-0-2010-2375)

    Vulnerability from nvd – Published: 2010-07-13 22:07 – Updated: 2024-08-07 02:32
    VLAI
    Summary
    Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-07-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-23T09:00:00.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-2375",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-2375",
        "datePublished": "2010-07-13T22:07:00.000Z",
        "dateReserved": "2010-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3257 (GCVE-0-2008-3257)

    Vulnerability from nvd – Published: 2008-07-22 16:00 – Updated: 2024-08-07 09:28
    VLAI
    Summary
    Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
              },
              {
                "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
              },
              {
                "name": "6089",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6089"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
              },
              {
                "name": "31146",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31146"
              },
              {
                "name": "30273",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30273"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
              },
              {
                "name": "1020520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020520"
              },
              {
                "name": "oracle-weblogic-apacheconnector-bo(43885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
              },
              {
                "name": "VU#716387",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/716387"
              },
              {
                "name": "ADV-2008-2145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2145/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
            },
            {
              "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
            },
            {
              "name": "6089",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6089"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
            },
            {
              "name": "31146",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31146"
            },
            {
              "name": "30273",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30273"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
            },
            {
              "name": "1020520",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020520"
            },
            {
              "name": "oracle-weblogic-apacheconnector-bo(43885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
            },
            {
              "name": "VU#716387",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/716387"
            },
            {
              "name": "ADV-2008-2145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2145/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
                },
                {
                  "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
                },
                {
                  "name": "6089",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6089"
                },
                {
                  "name": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
                },
                {
                  "name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
                },
                {
                  "name": "31146",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31146"
                },
                {
                  "name": "30273",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30273"
                },
                {
                  "name": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
                },
                {
                  "name": "1020520",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020520"
                },
                {
                  "name": "oracle-weblogic-apacheconnector-bo(43885)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
                },
                {
                  "name": "VU#716387",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/716387"
                },
                {
                  "name": "ADV-2008-2145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2145/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3257",
        "datePublished": "2008-07-22T16:00:00.000Z",
        "dateReserved": "2008-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0897 (GCVE-0-2008-0897)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/267 vendor-advisory, x_refsource_BEA
    http://www.securitytracker.com/id?1019444 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-193.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/267"
              },
              {
                "name": "1019444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019444"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without \"receive\" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-193.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/267"
            },
            {
              "name": "1019444",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019444"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without \"receive\" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-193.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/267"
                },
                {
                  "name": "1019444",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019444"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0897",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0900 (GCVE-0-2008-0900)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019439 vdb-entry, x_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/270 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019439",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019439"
              },
              {
                "name": "BEA08-196.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/270"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019439",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019439"
            },
            {
              "name": "BEA08-196.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/270"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019439",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019439"
                },
                {
                  "name": "BEA08-196.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/270"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0900",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0898 (GCVE-0-2008-0898)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019447 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/268 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019447"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-194.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019447",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019447"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-194.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019447",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019447"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-194.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0898",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0899 (GCVE-0-2008-0899)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019448 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/269 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.102Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019448",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019448"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-195.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/269"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019448",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019448"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-195.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/269"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019448",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019448"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-195.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/269"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0899",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0895 (GCVE-0-2008-0895)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/265 vendor-advisory, x_refsource_BEA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.securitytracker.com/id?1019443 vdb-entry, x_refsource_SECTRACK
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "BEA08-191.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/265"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "1019443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "BEA08-191.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/265"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "1019443",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0895",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "BEA08-191.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/265"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "1019443",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0895",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0902 (GCVE-0-2008-0902)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/273 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-80.04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/273"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples.  NOTE: this might be the same issue as CVE-2007-2694."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-80.04",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/273"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples.  NOTE: this might be the same issue as CVE-2007-2694."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-80.04",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/273"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0902",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0901 (GCVE-0-2008-0901)

    Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/271 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.s21sec.com/avisos/s21sec-040-en.txt x_refsource_MISC
    http://www.securitytracker.com/id?1019449 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/488686/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-197.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/271"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
              },
              {
                "name": "1019449",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019449"
              },
              {
                "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-197.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/271"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
            },
            {
              "name": "1019449",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019449"
            },
            {
              "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-197.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/271"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
                  "refsource": "MISC",
                  "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
                },
                {
                  "name": "1019449",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019449"
                },
                {
                  "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0901",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0869 (GCVE-0-2008-0869)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019438 vdb-entry, x_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/263 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2008/0611 vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019438"
              },
              {
                "name": "BEA08-189.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/263"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "ADV-2008-0611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019438",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019438"
            },
            {
              "name": "BEA08-189.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/263"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "ADV-2008-0611",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019438",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019438"
                },
                {
                  "name": "BEA08-189.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/263"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "ADV-2008-0611",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0869",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0863 (GCVE-0-2008-0863)

    Vulnerability from nvd – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019455 vdb-entry, x_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/260 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019455"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-187.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service\u0027s WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019455",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019455"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-187.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/260"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0863",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service\u0027s WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019455",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019455"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-187.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/260"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0863",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5576 (GCVE-0-2007-5576)

    Vulnerability from nvd – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
    VLAI
    Summary
    BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/45478 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 vdb-entry, x_refsource_XF
    http://dev2dev.bea.com/pub/advisory/226 vendor-advisory, x_refsource_BEA
    http://www.vupen.com/english/advisories/2007/1813 vdb-entry, x_refsource_VUPEN
    Date Public
    2007-05-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45478",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45478"
              },
              {
                "name": "weblogic-tuxedo-information-disclosure(34290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
              },
              {
                "name": "BEA07-158.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/226"
              },
              {
                "name": "ADV-2007-1813",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1813"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45478",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45478"
            },
            {
              "name": "weblogic-tuxedo-information-disclosure(34290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
            },
            {
              "name": "BEA07-158.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/226"
            },
            {
              "name": "ADV-2007-1813",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1813"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45478",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45478"
                },
                {
                  "name": "weblogic-tuxedo-information-disclosure(34290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
                },
                {
                  "name": "BEA07-158.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/226"
                },
                {
                  "name": "ADV-2007-1813",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1813"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5576",
        "datePublished": "2007-10-18T21:00:00.000Z",
        "dateReserved": "2007-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4618 (GCVE-0-2007-4618)

    Vulnerability from nvd – Published: 2007-08-31 00:00 – Updated: 2024-08-07 15:01
    Summary
    Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26539 third-party-advisory, x_refsource_SECUNIA
    http://osvdb.org/38517 vdb-entry, x_refsource_OSVDB
    http://www.securityfocus.com/bid/22082 vdb-entry, x_refsource_BID
    http://www.vupen.com/english/advisories/2007/3008 vdb-entry, x_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilities/36321 vdb-entry, x_refsource_XF
    http://dev2dev.bea.com/pub/advisory/247 vendor-advisory, x_refsource_BEA
    Date Public
    2007-08-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26539",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26539"
              },
              {
                "name": "38517",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38517"
              },
              {
                "name": "22082",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22082"
              },
              {
                "name": "ADV-2007-3008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3008"
              },
              {
                "name": "weblogic-headers-dos(36321)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36321"
              },
              {
                "name": "BEA07-148.01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/247"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26539",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26539"
            },
            {
              "name": "38517",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/38517"
            },
            {
              "name": "22082",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22082"
            },
            {
              "name": "ADV-2007-3008",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3008"
            },
            {
              "name": "weblogic-headers-dos(36321)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36321"
            },
            {
              "name": "BEA07-148.01",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/247"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4618",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26539",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26539"
                },
                {
                  "name": "38517",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/38517"
                },
                {
                  "name": "22082",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22082"
                },
                {
                  "name": "ADV-2007-3008",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3008"
                },
                {
                  "name": "weblogic-headers-dos(36321)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36321"
                },
                {
                  "name": "BEA07-148.01",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/247"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4618",
        "datePublished": "2007-08-31T00:00:00.000Z",
        "dateReserved": "2007-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4616 (GCVE-0-2007-4616)

    Vulnerability from nvd – Published: 2007-08-31 00:00 – Updated: 2024-08-07 15:01
    Summary
    The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26539 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilities/36320 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/25472 vdb-entry, x_refsource_BID
    http://securitytracker.com/id?1018620 vdb-entry, x_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/3008 vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/245 vendor-advisory, x_refsource_BEA
    Date Public
    2007-08-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.759Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26539",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26539"
              },
              {
                "name": "weblogic-nullcipher-information-disclosure(36320)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36320"
              },
              {
                "name": "25472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25472"
              },
              {
                "name": "1018620",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018620"
              },
              {
                "name": "ADV-2007-3008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3008"
              },
              {
                "name": "BEA07-176.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/245"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26539",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26539"
            },
            {
              "name": "weblogic-nullcipher-information-disclosure(36320)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36320"
            },
            {
              "name": "25472",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25472"
            },
            {
              "name": "1018620",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018620"
            },
            {
              "name": "ADV-2007-3008",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3008"
            },
            {
              "name": "BEA07-176.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/245"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4616",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26539",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26539"
                },
                {
                  "name": "weblogic-nullcipher-information-disclosure(36320)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36320"
                },
                {
                  "name": "25472",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25472"
                },
                {
                  "name": "1018620",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018620"
                },
                {
                  "name": "ADV-2007-3008",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3008"
                },
                {
                  "name": "BEA07-176.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/245"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4616",
        "datePublished": "2007-08-31T00:00:00.000Z",
        "dateReserved": "2007-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-4615 (GCVE-0-2007-4615)

    Vulnerability from nvd – Published: 2007-08-31 00:00 – Updated: 2024-08-07 15:01
    Summary
    The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26539 third-party-advisory, x_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/244 vendor-advisory, x_refsource_BEA
    http://www.securityfocus.com/bid/25472 vdb-entry, x_refsource_BID
    http://www.vupen.com/english/advisories/2007/3008 vdb-entry, x_refsource_VUPEN
    http://securitytracker.com/id?1018619 vdb-entry, x_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilities/36322 vdb-entry, x_refsource_XF
    Date Public
    2007-08-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:01:09.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26539",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26539"
              },
              {
                "name": "BEA07-175.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/244"
              },
              {
                "name": "25472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25472"
              },
              {
                "name": "ADV-2007-3008",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3008"
              },
              {
                "name": "1018619",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018619"
              },
              {
                "name": "weblogic-cipher-information-disclosure(36322)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26539",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26539"
            },
            {
              "name": "BEA07-175.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/244"
            },
            {
              "name": "25472",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25472"
            },
            {
              "name": "ADV-2007-3008",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3008"
            },
            {
              "name": "1018619",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018619"
            },
            {
              "name": "weblogic-cipher-information-disclosure(36322)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-4615",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26539",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26539"
                },
                {
                  "name": "BEA07-175.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/244"
                },
                {
                  "name": "25472",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25472"
                },
                {
                  "name": "ADV-2007-3008",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3008"
                },
                {
                  "name": "1018619",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018619"
                },
                {
                  "name": "weblogic-cipher-information-disclosure(36322)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36322"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-4615",
        "datePublished": "2007-08-31T00:00:00.000Z",
        "dateReserved": "2007-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:01:09.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2375 (GCVE-0-2010-2375)

    Vulnerability from cvelistv5 – Published: 2010-07-13 22:07 – Updated: 2024-08-07 02:32
    Summary
    Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-07-13 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:32:16.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-23T09:00:00.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-2375",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-2375",
        "datePublished": "2010-07-13T22:07:00.000Z",
        "dateReserved": "2010-06-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:32:16.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3257 (GCVE-0-2008-3257)

    Vulnerability from cvelistv5 – Published: 2008-07-22 16:00 – Updated: 2024-08-07 09:28
    Summary
    Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-07-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:28:41.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
              },
              {
                "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                "tags": [
                  "mailing-list",
                  "x_refsource_VIM",
                  "x_transferred"
                ],
                "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
              },
              {
                "name": "6089",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/6089"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
              },
              {
                "name": "31146",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31146"
              },
              {
                "name": "30273",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30273"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
              },
              {
                "name": "1020520",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1020520"
              },
              {
                "name": "oracle-weblogic-apacheconnector-bo(43885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
              },
              {
                "name": "VU#716387",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/716387"
              },
              {
                "name": "ADV-2008-2145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2145/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
            },
            {
              "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
              "tags": [
                "mailing-list",
                "x_refsource_VIM"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
            },
            {
              "name": "6089",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/6089"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
            },
            {
              "name": "31146",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31146"
            },
            {
              "name": "30273",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30273"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
            },
            {
              "name": "1020520",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1020520"
            },
            {
              "name": "oracle-weblogic-apacheconnector-bo(43885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
            },
            {
              "name": "VU#716387",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/716387"
            },
            {
              "name": "ADV-2008-2145",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2145/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
                },
                {
                  "name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
                  "refsource": "VIM",
                  "url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
                },
                {
                  "name": "6089",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/6089"
                },
                {
                  "name": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
                },
                {
                  "name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html",
                  "refsource": "CONFIRM",
                  "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
                },
                {
                  "name": "31146",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31146"
                },
                {
                  "name": "30273",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30273"
                },
                {
                  "name": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
                },
                {
                  "name": "1020520",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1020520"
                },
                {
                  "name": "oracle-weblogic-apacheconnector-bo(43885)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
                },
                {
                  "name": "VU#716387",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/716387"
                },
                {
                  "name": "ADV-2008-2145",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2145/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3257",
        "datePublished": "2008-07-22T16:00:00.000Z",
        "dateReserved": "2008-07-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:28:41.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0897 (GCVE-0-2008-0897)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    Summary
    Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/267 vendor-advisory, x_refsource_BEA
    http://www.securitytracker.com/id?1019444 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-193.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/267"
              },
              {
                "name": "1019444",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019444"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without \"receive\" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-193.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/267"
            },
            {
              "name": "1019444",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019444"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0897",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without \"receive\" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-193.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/267"
                },
                {
                  "name": "1019444",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019444"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0897",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0900 (GCVE-0-2008-0900)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    Summary
    Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019439 vdb-entry, x_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/270 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019439",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019439"
              },
              {
                "name": "BEA08-196.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/270"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019439",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019439"
            },
            {
              "name": "BEA08-196.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/270"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019439",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019439"
                },
                {
                  "name": "BEA08-196.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/270"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0900",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0898 (GCVE-0-2008-0898)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    Summary
    The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019447 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/268 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.071Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019447",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019447"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-194.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/268"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019447",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019447"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-194.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/268"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019447",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019447"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-194.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/268"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0898",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.071Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0899 (GCVE-0-2008-0899)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019448 vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/269 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.102Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019448",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019448"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-195.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/269"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019448",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019448"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-195.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/269"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0899",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019448",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019448"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-195.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/269"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0899",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0895 (GCVE-0-2008-0895)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://dev2dev.bea.com/pub/advisory/265 vendor-advisory, x_refsource_BEA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.securitytracker.com/id?1019443 vdb-entry, x_refsource_SECTRACK
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.067Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "BEA08-191.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/265"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "1019443",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019443"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "BEA08-191.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/265"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "1019443",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019443"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0895",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "BEA08-191.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/265"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "1019443",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019443"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0895",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.067Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0902 (GCVE-0-2008-0902)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/273 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.105Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-80.04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/273"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples.  NOTE: this might be the same issue as CVE-2007-2694."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-80.04",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/273"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples.  NOTE: this might be the same issue as CVE-2007-2694."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-80.04",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/273"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0902",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.105Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0901 (GCVE-0-2008-0901)

    Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
    VLAI
    Summary
    BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev2dev.bea.com/pub/advisory/271 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.s21sec.com/avisos/s21sec-040-en.txt x_refsource_MISC
    http://www.securitytracker.com/id?1019449 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/488686/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.056Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA08-197.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/271"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
              },
              {
                "name": "1019449",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019449"
              },
              {
                "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA08-197.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/271"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
            },
            {
              "name": "1019449",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019449"
            },
            {
              "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0901",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA08-197.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/271"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
                  "refsource": "MISC",
                  "url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
                },
                {
                  "name": "1019449",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019449"
                },
                {
                  "name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0901",
        "datePublished": "2008-02-22T21:00:00.000Z",
        "dateReserved": "2008-02-22T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.056Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0869 (GCVE-0-2008-0869)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    Summary
    Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019438 vdb-entry, x_refsource_SECTRACK
    http://dev2dev.bea.com/pub/advisory/263 vendor-advisory, x_refsource_BEA
    http://secunia.com/advisories/29041 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://www.vupen.com/english/advisories/2008/0611 vdb-entry, x_refsource_VUPEN
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:39.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019438",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019438"
              },
              {
                "name": "BEA08-189.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/263"
              },
              {
                "name": "29041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29041"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "ADV-2008-0611",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0611"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019438",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019438"
            },
            {
              "name": "BEA08-189.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/263"
            },
            {
              "name": "29041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29041"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "ADV-2008-0611",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0611"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0869",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a \"framework defined request parameter\" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019438",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019438"
                },
                {
                  "name": "BEA08-189.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/263"
                },
                {
                  "name": "29041",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29041"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "ADV-2008-0611",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0611"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0869",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:39.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0863 (GCVE-0-2008-0863)

    Vulnerability from cvelistv5 – Published: 2008-02-21 01:00 – Updated: 2024-08-07 08:01
    Summary
    BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019455 vdb-entry, x_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2008/0612/references vdb-entry, x_refsource_VUPEN
    http://dev2dev.bea.com/pub/advisory/260 vendor-advisory, x_refsource_BEA
    Date Public
    2008-02-19 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:01:40.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019455",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019455"
              },
              {
                "name": "ADV-2008-0612",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0612/references"
              },
              {
                "name": "BEA08-187.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service\u0027s WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-11T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019455",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019455"
            },
            {
              "name": "ADV-2008-0612",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0612/references"
            },
            {
              "name": "BEA08-187.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/260"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0863",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service\u0027s WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019455",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019455"
                },
                {
                  "name": "ADV-2008-0612",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0612/references"
                },
                {
                  "name": "BEA08-187.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/260"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0863",
        "datePublished": "2008-02-21T01:00:00.000Z",
        "dateReserved": "2008-02-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:01:40.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1437 (GCVE-0-2003-1437)

    Vulnerability from cvelistv5 – Published: 2007-10-23 01:00 – Updated: 2024-08-08 02:28
    Summary
    BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2003-01-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.573Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA03-25.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp"
              },
              {
                "name": "6719",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6719"
              },
              {
                "name": "weblogic-keystore-plaintext-passwords(11220)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11220"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA03-25.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp"
            },
            {
              "name": "6719",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6719"
            },
            {
              "name": "weblogic-keystore-plaintext-passwords(11220)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11220"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1437",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA03-25.00",
                  "refsource": "BEA",
                  "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp"
                },
                {
                  "name": "6719",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6719"
                },
                {
                  "name": "weblogic-keystore-plaintext-passwords(11220)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11220"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1437",
        "datePublished": "2007-10-23T01:00:00.000Z",
        "dateReserved": "2007-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-1438 (GCVE-0-2003-1438)

    Vulnerability from cvelistv5 – Published: 2007-10-23 01:00 – Updated: 2024-08-08 02:28
    Summary
    Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp vendor-advisory, x_refsource_BEA
    http://www.securitytracker.com/id?1006018 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/6717 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilities/11221 vdb-entry, x_refsource_XF
    Date Public
    2003-01-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T02:28:03.597Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "BEA03-26.01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp"
              },
              {
                "name": "1006018",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1006018"
              },
              {
                "name": "6717",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6717"
              },
              {
                "name": "weblogic-clustered-race-condition(11221)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "BEA03-26.01",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp"
            },
            {
              "name": "1006018",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1006018"
            },
            {
              "name": "6717",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6717"
            },
            {
              "name": "weblogic-clustered-race-condition(11221)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-1438",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "BEA03-26.01",
                  "refsource": "BEA",
                  "url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp"
                },
                {
                  "name": "1006018",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1006018"
                },
                {
                  "name": "6717",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6717"
                },
                {
                  "name": "weblogic-clustered-race-condition(11221)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-1438",
        "datePublished": "2007-10-23T01:00:00.000Z",
        "dateReserved": "2007-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T02:28:03.597Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5576 (GCVE-0-2007-5576)

    Vulnerability from cvelistv5 – Published: 2007-10-18 21:00 – Updated: 2024-08-07 15:39
    Summary
    BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/45478 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 vdb-entry, x_refsource_XF
    http://dev2dev.bea.com/pub/advisory/226 vendor-advisory, x_refsource_BEA
    http://www.vupen.com/english/advisories/2007/1813 vdb-entry, x_refsource_VUPEN
    Date Public
    2007-05-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:39:13.505Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45478",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/45478"
              },
              {
                "name": "weblogic-tuxedo-information-disclosure(34290)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
              },
              {
                "name": "BEA07-158.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/226"
              },
              {
                "name": "ADV-2007-1813",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1813"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45478",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/45478"
            },
            {
              "name": "weblogic-tuxedo-information-disclosure(34290)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
            },
            {
              "name": "BEA07-158.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/226"
            },
            {
              "name": "ADV-2007-1813",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1813"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5576",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45478",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/45478"
                },
                {
                  "name": "weblogic-tuxedo-information-disclosure(34290)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34290"
                },
                {
                  "name": "BEA07-158.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/226"
                },
                {
                  "name": "ADV-2007-1813",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1813"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5576",
        "datePublished": "2007-10-18T21:00:00.000Z",
        "dateReserved": "2007-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:39:13.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2696 (GCVE-0-2004-2696)

    Vulnerability from cvelistv5 – Published: 2007-10-06 21:00 – Updated: 2024-08-08 01:36
    Summary
    BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/11865 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilities/16421 vdb-entry, x_refsource_XF
    http://securitytracker.com/id?1010493 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/10545 vdb-entry, x_refsource_BID
    http://dev2dev.bea.com/pub/advisory/59 vendor-advisory, x_refsource_BEA
    http://www.osvdb.org/7081 vdb-entry, x_refsource_OSVDB
    Date Public
    2004-06-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "11865",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11865"
              },
              {
                "name": "weblogic-unexpected-user-identity(16421)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16421"
              },
              {
                "name": "1010493",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010493"
              },
              {
                "name": "10545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10545"
              },
              {
                "name": "BEA04-62.00",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_BEA",
                  "x_transferred"
                ],
                "url": "http://dev2dev.bea.com/pub/advisory/59"
              },
              {
                "name": "7081",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/7081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an \"unexpected user identity\" to be used in an RMI call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "11865",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11865"
            },
            {
              "name": "weblogic-unexpected-user-identity(16421)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16421"
            },
            {
              "name": "1010493",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010493"
            },
            {
              "name": "10545",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10545"
            },
            {
              "name": "BEA04-62.00",
              "tags": [
                "vendor-advisory",
                "x_refsource_BEA"
              ],
              "url": "http://dev2dev.bea.com/pub/advisory/59"
            },
            {
              "name": "7081",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/7081"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an \"unexpected user identity\" to be used in an RMI call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "11865",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11865"
                },
                {
                  "name": "weblogic-unexpected-user-identity(16421)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16421"
                },
                {
                  "name": "1010493",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010493"
                },
                {
                  "name": "10545",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10545"
                },
                {
                  "name": "BEA04-62.00",
                  "refsource": "BEA",
                  "url": "http://dev2dev.bea.com/pub/advisory/59"
                },
                {
                  "name": "7081",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/7081"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2696",
        "datePublished": "2007-10-06T21:00:00.000Z",
        "dateReserved": "2007-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }