GCVE - cpe:2.3:a:bea:weblogic_server:8.1:sp5:win32:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:8.1:sp5:win32:*:*:*:*:*

part: a version: 8.1 update: sp5

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	win32
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2005-4767`	vulnerable	2026-06-03 14:27:14.239435	Details available BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T19:35:00.920Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15052 http://dev2dev.bea.com/pub/advisory/161 http://secunia.com/advisories/17138 http://dev2dev.bea.com/pub/advisory/178 http://www.securityfocus.com/bid/17168	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4764`	vulnerable	2026-06-03 14:27:14.236002	Details available BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins). Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-17T03:43:22.570Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/155 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4763`	vulnerable	2026-06-03 14:27:14.234329	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T16:53:44.302Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/154 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4750`	vulnerable	2026-06-03 14:27:14.219009	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T22:36:34.769Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15052 http://dev2dev.bea.com/pub/advisory/138 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.