Shodan
Vulnerabilities
Vulnerable Software
Bea:  Security Vulnerabilities
CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
CVSS Score
10.0
EPSS Score
0.351
Published
2001-02-12
CVE-2000-1238
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-31
CVE-2000-0681
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
CVSS Score
10.0
EPSS Score
0.2
Published
2000-10-20
CVE-2000-0682
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-10-20
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-10-20
CVE-2000-0684
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
CVSS Score
10.0
EPSS Score
0.052
Published
2000-10-20
CVE-2000-0685
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
CVSS Score
10.0
EPSS Score
0.052
Published
2000-10-20
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
CVSS Score
5.0
EPSS Score
0.055
Published
2000-06-21
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVSS Score
7.5
EPSS Score
0.014
Published
2000-06-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved