Bea: >> Weblogic Server Security Vulnerabilities
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
CVSS Score
7.5
EPSS Score
0.004
Published
2004-12-31
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-12-31
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS Score
5.8
EPSS Score
0.069
Published
2004-12-31
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
CVSS Score
2.1
EPSS Score
0.0
Published
2004-12-31
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
CVSS Score
5.0
EPSS Score
0.011
Published
2004-12-31
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
CVSS Score
5.5
EPSS Score
0.005
Published
2004-12-31
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
CVSS Score
7.5
EPSS Score
0.776
Published
2004-08-06
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-08-06
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
CVSS Score
7.5
EPSS Score
0.009
Published
2004-07-27
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-07-27