Weblogic Server
Approved changes feed: RSS · Atom
cpe:2.3:a:bea:weblogic_server:9.1:*:express:*:*:*:*:*
part: a version: 9.1 update: *
| Vendor | Bea (c4fe31a7-8f48-5c00-b7c2-e6a20391219c) |
|---|---|
| Product | Weblogic Server (ebf23157-7e5f-5cf4-ba69-dda04749aa52) |
| Edition | express |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2008-0863 |
vulnerable | 2026-06-03 14:28:38.227055 |
Details available
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
Published: 2008-02-21T01:00:00.000Z
Updated: 2024-08-07T08:01:40.101Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-5576 |
vulnerable | 2026-06-03 14:28:27.247790 |
Details available
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
Published: 2007-10-18T21:00:00.000Z
Updated: 2024-08-07T15:39:13.505Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-2700 |
vulnerable | 2026-06-03 14:28:09.195765 |
Details available
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
Published: 2007-05-16T01:00:00.000Z
Updated: 2024-08-07T13:49:57.180Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-2699 |
vulnerable | 2026-06-03 14:28:09.195401 |
Details available
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
Published: 2007-05-16T01:00:00.000Z
Updated: 2024-08-07T13:49:57.306Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-2697 |
vulnerable | 2026-06-03 14:28:09.194537 |
Details available
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
Published: 2007-05-16T01:00:00.000Z
Updated: 2024-08-07T13:49:57.266Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.