GCVE - cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:9.2:mp2:*:*:*:*:*:*

part: a version: 9.2 update: mp2

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.757860	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0901`	vulnerable	2026-06-03 14:28:38.349935	Details available BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.056Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/271 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://www.s21sec.com/avisos/s21sec-040-en.txt http://www.securitytracker.com/id?1019449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0898`	vulnerable	2026-06-03 14:28:38.342938	Details available The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.071Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019447 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://dev2dev.bea.com/pub/advisory/268	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.