GCVE - cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:8.1:sp6:*:*:*:*:*:*

part: a version: 8.1 update: sp6

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2375`	vulnerable	2026-06-03 14:30:24.997145	Details available Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS. Published: 2010-07-13T22:07:00.000Z Updated: 2024-08-07T02:32:16.381Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.751520	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0902`	vulnerable	2026-06-03 14:28:38.353923	Details available Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.105Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/273 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0901`	vulnerable	2026-06-03 14:28:38.349850	Details available BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.056Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/271 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://www.s21sec.com/avisos/s21sec-040-en.txt http://www.securitytracker.com/id?1019449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0900`	vulnerable	2026-06-03 14:28:38.346175	Details available Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.091Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019439 http://dev2dev.bea.com/pub/advisory/270 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0895`	vulnerable	2026-06-03 14:28:38.334051	Details available BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.067Z Open on db.gcve.eu Reference links http://secunia.com/advisories/29041 http://dev2dev.bea.com/pub/advisory/265 http://www.vupen.com/english/advisories/2008/0612/references http://www.securitytracker.com/id?1019443	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4616`	vulnerable	2026-06-03 14:28:19.010813	Details available The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. Published: 2007-08-31T00:00:00.000Z Updated: 2024-08-07T15:01:09.759Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26539 https://exchange.xforce.ibmcloud.com/vulnerabilities/36320 http://www.securityfocus.com/bid/25472 http://securitytracker.com/id?1018620 http://www.vupen.com/english/advisories/2007/3008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4615`	vulnerable	2026-06-03 14:28:19.008717	Details available The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications. Published: 2007-08-31T00:00:00.000Z Updated: 2024-08-07T15:01:09.673Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26539 http://dev2dev.bea.com/pub/advisory/244 http://www.securityfocus.com/bid/25472 http://www.vupen.com/english/advisories/2007/3008 http://securitytracker.com/id?1018619	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.