GCVE - cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:9.2:mp1:*:*:*:*:*:*

part: a version: 9.2 update: mp1

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.757362	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0901`	vulnerable	2026-06-03 14:28:38.349917	Details available BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.056Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/271 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://www.s21sec.com/avisos/s21sec-040-en.txt http://www.securitytracker.com/id?1019449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0900`	vulnerable	2026-06-03 14:28:38.347011	Details available Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.091Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019439 http://dev2dev.bea.com/pub/advisory/270 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0899`	vulnerable	2026-06-03 14:28:38.343433	Details available Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.102Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019448 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://dev2dev.bea.com/pub/advisory/269	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0898`	vulnerable	2026-06-03 14:28:38.342053	Details available The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.071Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019447 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://dev2dev.bea.com/pub/advisory/268	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0897`	vulnerable	2026-06-03 14:28:38.337167	Details available Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:39.997Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/267 http://www.securitytracker.com/id?1019444 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4616`	vulnerable	2026-06-03 14:28:19.013723	Details available The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications. Published: 2007-08-31T00:00:00.000Z Updated: 2024-08-07T15:01:09.759Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26539 https://exchange.xforce.ibmcloud.com/vulnerabilities/36320 http://www.securityfocus.com/bid/25472 http://securitytracker.com/id?1018620 http://www.vupen.com/english/advisories/2007/3008	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.