GCVE - cpe:2.3:a:bea:weblogic_server:*:sp6:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:*:sp6:*:*:*:*:*:*

part: a version: * update: sp6

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-0418`	vulnerable	2026-06-03 14:27:56.681017	Details available BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. Published: 2007-01-23T00:00:00.000Z Updated: 2024-08-07T12:19:29.935Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1017525 http://secunia.com/advisories/23750 http://www.securityfocus.com/bid/22082 http://osvdb.org/38512 http://www.vupen.com/english/advisories/2007/0213	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0414`	vulnerable	2026-06-03 14:27:56.679444	Details available BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. Published: 2007-01-23T00:00:00.000Z Updated: 2024-08-07T12:19:29.975Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1017525 http://secunia.com/advisories/23750 http://www.securityfocus.com/bid/22082 http://dev2dev.bea.com/pub/advisory/208 http://www.vupen.com/english/advisories/2007/0213	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0409`	vulnerable	2026-06-03 14:27:56.658468	Details available BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. Published: 2007-01-23T00:00:00.000Z Updated: 2024-08-07T12:19:30.021Z Open on db.gcve.eu Reference links http://dev2dev.bea.com/pub/advisory/203 http://securitytracker.com/id?1017525 http://secunia.com/advisories/23750 http://www.securityfocus.com/bid/22082 http://osvdb.org/38501	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.