GCVE - cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*

part: a version: 5.1 update: sp6

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	express
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2004-2320`	vulnerable	2026-06-03 14:26:47.086451	Details available The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. Published: 2005-08-16T04:00:00.000Z Updated: 2026-05-28T17:55:12.478Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 http://www.kb.cert.org/vuls/id/867593 http://dev2dev.bea.com/pub/advisory/68 http://www.securityfocus.com/bid/9506 http://secunia.com/advisories/10726	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1030`	vulnerable	2026-06-03 14:26:15.667335	Details available Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:12:16.665Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html http://www.securityfocus.com/bid/5159 http://www.iss.net/security_center/static/9486.php http://online.securityfocus.com/archive/1/281046 http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-1238`	vulnerable	2026-06-03 14:26:00.759569	Details available BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. Published: 2005-11-16T21:17:00.000Z Updated: 2024-08-08T05:45:37.536Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/5588 http://www.securityfocus.com/bid/5089 ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0683`	vulnerable	2026-06-03 14:25:59.691694	Details available BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:28:41.513Z Open on db.gcve.eu Reference links http://www.osvdb.org/1480 http://www.securityfocus.com/bid/1517 http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://developer.bea.com/alerts/security_000728.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0682`	vulnerable	2026-06-03 14:25:59.689488	Details available BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:28:40.950Z Open on db.gcve.eu Reference links http://developer.bea.com/alerts/security_000731.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://www.osvdb.org/1481 http://www.securityfocus.com/bid/1518	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.