GCVE - cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*

part: a version: 5.1 update: *

Vendor	Bea (`c4fe31a7-8f48-5c00-b7c2-e6a20391219c`)
Product	Weblogic Server (`ebf23157-7e5f-5cf4-ba69-dda04749aa52`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3257`	vulnerable	2026-06-03 14:28:52.726674	Details available Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. Published: 2008-07-22T16:00:00.000Z Updated: 2024-08-07T09:28:41.938Z Open on db.gcve.eu Reference links http://www.attrition.org/pipermail/vim/2008-July/002035.html http://www.attrition.org/pipermail/vim/2008-July/002036.html https://www.exploit-db.com/exploits/6089 http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-1438`	vulnerable	2026-06-03 14:26:33.253664	Details available Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user. Published: 2007-10-23T01:00:00.000Z Updated: 2024-08-08T02:28:03.597Z Open on db.gcve.eu Reference links http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp http://www.securitytracker.com/id?1006018 http://www.securityfocus.com/bid/6717 https://exchange.xforce.ibmcloud.com/vulnerabilities/11221	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0733`	vulnerable	2026-06-03 14:26:26.394330	Details available Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. Published: 2003-09-04T04:00:00.000Z Updated: 2024-08-08T02:05:12.198Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/8357 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1030`	vulnerable	2026-06-03 14:26:15.658406	Details available Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:12:16.665Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html http://www.securityfocus.com/bid/5159 http://www.iss.net/security_center/static/9486.php http://online.securityfocus.com/archive/1/281046 http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-1238`	vulnerable	2026-06-03 14:26:00.754420	Details available BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. Published: 2005-11-16T21:17:00.000Z Updated: 2024-08-08T05:45:37.536Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/5588 http://www.securityfocus.com/bid/5089 ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0683`	vulnerable	2026-06-03 14:25:59.691495	Details available BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:28:41.513Z Open on db.gcve.eu Reference links http://www.osvdb.org/1480 http://www.securityfocus.com/bid/1517 http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://developer.bea.com/alerts/security_000728.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0682`	vulnerable	2026-06-03 14:25:59.683735	Details available BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:28:40.950Z Open on db.gcve.eu Reference links http://developer.bea.com/alerts/security_000731.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://www.osvdb.org/1481 http://www.securityfocus.com/bid/1518	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2000-0500`	vulnerable	2026-06-03 14:25:59.239240	Details available The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. Published: 2000-10-13T04:00:00.000Z Updated: 2024-08-08T05:21:31.241Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=96161462915381&w=2 http://www.weblogic.com/docs51/admindocs/http.html#file http://www.securityfocus.com/bid/1378 https://exchange.xforce.ibmcloud.com/vulnerabilities/4775	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.