Search criteria
10 vulnerabilities found for weblogic_server by bea_systems
CVE-2010-2375 (GCVE-0-2010-2375)
Vulnerability from nvd – Published: 2010-07-13 22:07 – Updated: 2024-08-07 02:32
VLAI?
Summary
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-23T09:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-2375",
"datePublished": "2010-07-13T22:07:00",
"dateReserved": "2010-06-21T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3257 (GCVE-0-2008-3257)
Vulnerability from nvd – Published: 2008-07-22 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"name": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html",
"refsource": "CONFIRM",
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30273"
},
{
"name": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3257",
"datePublished": "2008-07-22T16:00:00",
"dateReserved": "2008-07-22T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0903 (GCVE-0-2008-0903)
Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-199.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0903",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0902 (GCVE-0-2008-0902)
Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-80.04",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0902",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0901 (GCVE-0-2008-0901)
Vulnerability from nvd – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-197.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0901",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2375 (GCVE-0-2010-2375)
Vulnerability from cvelistv5 – Published: 2010-07-13 22:07 – Updated: 2024-08-07 02:32
VLAI?
Summary
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:32:16.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-23T09:00:00",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-2375",
"datePublished": "2010-07-13T22:07:00",
"dateReserved": "2010-06-21T00:00:00",
"dateUpdated": "2024-08-07T02:32:16.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3257 (GCVE-0-2008-3257)
Vulnerability from cvelistv5 – Published: 2008-07-22 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30273"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after \"POST /.jsp\" in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002035.html"
},
{
"name": "20080717 Bea Weblogic Apache Connector BOF / Remote Denial of Service PoC",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2008-July/002036.html"
},
{
"name": "6089",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6089"
},
{
"name": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html"
},
{
"name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html",
"refsource": "CONFIRM",
"url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html"
},
{
"name": "31146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31146"
},
{
"name": "30273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30273"
},
{
"name": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html",
"refsource": "CONFIRM",
"url": "http://blogs.oracle.com/security/2008/07/security_alert_for_cve-2008-3257_released.html"
},
{
"name": "1020520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020520"
},
{
"name": "oracle-weblogic-apacheconnector-bo(43885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43885"
},
{
"name": "VU#716387",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/716387"
},
{
"name": "ADV-2008-2145",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2145/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3257",
"datePublished": "2008-07-22T16:00:00",
"dateReserved": "2008-07-22T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0903 (GCVE-0-2008-0903)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-199.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-199.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "1019450",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019450"
},
{
"name": "ADV-2008-0608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0608/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0903",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0902 (GCVE-0-2008-0902)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-03-11T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-80.04",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-80.04",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0902",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0901 (GCVE-0-2008-0901)
Vulnerability from cvelistv5 – Published: 2008-02-22 21:00 – Updated: 2024-08-07 08:01
VLAI?
Summary
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA",
"x_transferred"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "BEA08-197.00",
"tags": [
"vendor-advisory",
"x_refsource_BEA"
],
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA08-197.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"name": "29041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29041"
},
{
"name": "ADV-2008-0612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0612/references"
},
{
"name": "http://www.s21sec.com/avisos/s21sec-040-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/avisos/s21sec-040-en.txt"
},
{
"name": "1019449",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019449"
},
{
"name": "20080225 S21SEC-040-en: Infinite invalid authentication attempts possible in BEA WebLogic Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488686/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0901",
"datePublished": "2008-02-22T21:00:00",
"dateReserved": "2008-02-22T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}