BEA Systems WebLogic Express 9.1 GA
Approved changes feed: RSS · Atom
cpe:2.3:a:bea:weblogic_server:9.1:ga:express:*:*:*:*:*
part: a version: 9.1 update: ga
| Vendor | Bea (c4fe31a7-8f48-5c00-b7c2-e6a20391219c) |
|---|---|
| Product | Weblogic Server (ebf23157-7e5f-5cf4-ba69-dda04749aa52) |
| Edition | express |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2007-2695 |
vulnerable | 2026-06-03 14:28:09.187590 |
Details available
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
Published: 2007-05-16T01:00:00.000Z
Updated: 2024-08-07T13:49:57.548Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2007-2694 |
vulnerable | 2026-06-03 14:28:09.180641 |
Details available
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2007-05-16T01:00:00.000Z
Updated: 2024-08-07T13:49:57.192Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.