GCVE - cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:6.1:sp6:express:*:*:*:*:*

part: a version: 6.1 update: sp6

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	express
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-5576`	vulnerable	2026-06-03 14:28:27.231842	Details available BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands. Published: 2007-10-18T21:00:00.000Z Updated: 2024-08-07T15:39:13.505Z Open on db.gcve.eu Reference links http://osvdb.org/45478 https://exchange.xforce.ibmcloud.com/vulnerabilities/34290 http://dev2dev.bea.com/pub/advisory/226 http://www.vupen.com/english/advisories/2007/1813	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2695`	vulnerable	2026-06-03 14:28:09.181531	Details available The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. Published: 2007-05-16T01:00:00.000Z Updated: 2024-08-07T13:49:57.548Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/274 https://exchange.xforce.ibmcloud.com/vulnerabilities/34282 http://securitytracker.com/id?1018057 http://secunia.com/advisories/25284 http://secunia.com/advisories/29041	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2694`	vulnerable	2026-06-03 14:28:09.162375	Details available Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2007-05-16T01:00:00.000Z Updated: 2024-08-07T13:49:57.192Z Open on db.gcve.eu Reference links http://osvdb.org/36075 http://secunia.com/advisories/25284 http://dev2dev.bea.com/pub/advisory/232 http://www.vupen.com/english/advisories/2007/1815	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2472`	vulnerable	2026-06-03 14:27:32.329545	Details available Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. Published: 2006-05-19T10:00:00.000Z Updated: 2024-08-07T17:51:04.629Z Open on db.gcve.eu Reference links http://secunia.com/advisories/20130 http://dev2dev.bea.com/pub/advisory/186 http://securitytracker.com/id?1016095 http://www.vupen.com/english/advisories/2006/1828 https://exchange.xforce.ibmcloud.com/vulnerabilities/26466	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2471`	vulnerable	2026-06-03 14:27:32.316182	Details available Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. Published: 2006-05-19T10:00:00.000Z Updated: 2024-08-07T17:51:04.536Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/187 http://secunia.com/advisories/20130 http://www.vupen.com/english/advisories/2006/1828 http://securitytracker.com/id?1016096 https://exchange.xforce.ibmcloud.com/vulnerabilities/26465	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-1352`	vulnerable	2026-06-03 14:27:24.143926	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents. Published: 2006-03-22T01:00:00.000Z Updated: 2024-08-07T17:12:20.556Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/183 http://www.securityfocus.com/bid/17167 https://exchange.xforce.ibmcloud.com/vulnerabilities/25348 http://securitytracker.com/id?1015790 http://secunia.com/advisories/19310	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4761`	vulnerable	2026-06-03 14:27:14.231123	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T17:47:51.455Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15052 http://dev2dev.bea.com/pub/advisory/152 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4751`	vulnerable	2026-06-03 14:27:14.219776	Details available Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-17T02:47:24.793Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/139 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4750`	vulnerable	2026-06-03 14:27:14.200913	Details available BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T22:36:34.769Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/15052 http://dev2dev.bea.com/pub/advisory/138 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-4749`	vulnerable	2026-06-03 14:27:14.190307	Details available HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors. Published: 2006-04-01T02:00:00.000Z Updated: 2024-09-16T22:15:42.235Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/159 http://www.securityfocus.com/bid/17163 http://dev2dev.bea.com/pub/advisory/177 http://www.securityfocus.com/bid/15052 http://secunia.com/advisories/17138	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2004-2696`	vulnerable	2026-06-03 14:26:48.457113	Details available BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. Published: 2007-10-06T21:00:00.000Z Updated: 2024-08-08T01:36:25.252Z Open on db.gcve.eu Reference links http://secunia.com/advisories/11865 https://exchange.xforce.ibmcloud.com/vulnerabilities/16421 http://securitytracker.com/id?1010493 http://www.securityfocus.com/bid/10545 http://dev2dev.bea.com/pub/advisory/59	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.