Shodan
Vulnerabilities
Vulnerable Software
Bea:  >> Weblogic Server  >> 5.1  Security Vulnerabilities
CVE-2003-0733
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVSS Score
6.8
EPSS Score
0.01
Published
2003-10-20
CVE-2003-0640
BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges.
CVSS Score
10.0
EPSS Score
0.006
Published
2003-08-27
CVE-2002-1030
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
CVSS Score
2.6
EPSS Score
0.007
Published
2002-10-04
CVE-2000-1238
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-31
CVE-2000-0682
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-10-20
CVE-2000-0683
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-10-20
CVE-2000-0500
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
CVSS Score
5.0
EPSS Score
0.055
Published
2000-06-21
CVE-2000-0499
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVSS Score
7.5
EPSS Score
0.014
Published
2000-06-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved