GCVE - cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:9.0:sp3:*:*:*:*:*:*

part: a version: 9.0 update: sp3

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.754396	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0898`	vulnerable	2026-06-03 14:28:38.340219	Details available The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access restrictions for protected distributed queues. Published: 2008-02-22T21:00:00.000Z Updated: 2024-08-07T08:01:40.071Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1019447 http://secunia.com/advisories/29041 http://www.vupen.com/english/advisories/2008/0612/references http://dev2dev.bea.com/pub/advisory/268	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0430`	vulnerable	2026-06-03 14:27:21.019371	Details available Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown). Published: 2006-01-25T23:00:00.000Z Updated: 2024-08-07T16:34:14.797Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/0313 http://dev2dev.bea.com/pub/advisory/174 http://securitytracker.com/id?1015528 https://exchange.xforce.ibmcloud.com/vulnerabilities/24301 http://secunia.com/advisories/18592	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0427`	vulnerable	2026-06-03 14:27:21.013489	Details available Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. Published: 2006-01-25T23:00:00.000Z Updated: 2024-08-07T16:34:14.815Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/0313 http://dev2dev.bea.com/pub/advisory/171 http://securitytracker.com/id?1015528 http://secunia.com/advisories/18592 http://www.osvdb.org/22774	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.